From 32353166592cd1543bc83bea2a38dbd89b48147d Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Fri, 9 Apr 2021 00:27:41 +0000 Subject: [PATCH 01/26] Runs update.sh --- 19.0-rc/apache/Dockerfile | 157 -------------- .../config/apache-pretty-urls.config.php | 4 - 19.0-rc/apache/config/apcu.config.php | 4 - 19.0-rc/apache/config/apps.config.php | 15 -- 19.0-rc/apache/config/autoconfig.php | 27 --- 19.0-rc/apache/config/redis.config.php | 17 -- .../apache/config/reverse-proxy.config.php | 25 --- 19.0-rc/apache/config/s3.config.php | 27 --- 19.0-rc/apache/config/smtp.config.php | 15 -- 19.0-rc/apache/config/swift.config.php | 31 --- 19.0-rc/apache/cron.sh | 4 - 19.0-rc/apache/entrypoint.sh | 194 ------------------ 19.0-rc/apache/upgrade.exclude | 5 - 19.0-rc/fpm-alpine/Dockerfile | 134 ------------ 19.0-rc/fpm-alpine/config/apcu.config.php | 4 - 19.0-rc/fpm-alpine/config/apps.config.php | 15 -- 19.0-rc/fpm-alpine/config/autoconfig.php | 27 --- 19.0-rc/fpm-alpine/config/redis.config.php | 17 -- .../config/reverse-proxy.config.php | 25 --- 19.0-rc/fpm-alpine/config/s3.config.php | 27 --- 19.0-rc/fpm-alpine/config/smtp.config.php | 15 -- 19.0-rc/fpm-alpine/config/swift.config.php | 31 --- 19.0-rc/fpm-alpine/cron.sh | 4 - 19.0-rc/fpm-alpine/entrypoint.sh | 194 ------------------ 19.0-rc/fpm-alpine/upgrade.exclude | 5 - 19.0-rc/fpm/Dockerfile | 149 -------------- 19.0-rc/fpm/config/apcu.config.php | 4 - 19.0-rc/fpm/config/apps.config.php | 15 -- 19.0-rc/fpm/config/autoconfig.php | 27 --- 19.0-rc/fpm/config/redis.config.php | 17 -- 19.0-rc/fpm/config/reverse-proxy.config.php | 25 --- 19.0-rc/fpm/config/s3.config.php | 27 --- 19.0-rc/fpm/config/smtp.config.php | 15 -- 19.0-rc/fpm/config/swift.config.php | 31 --- 19.0-rc/fpm/cron.sh | 4 - 19.0-rc/fpm/entrypoint.sh | 194 ------------------ 19.0-rc/fpm/upgrade.exclude | 5 - 19.0/apache/Dockerfile | 2 +- 19.0/fpm-alpine/Dockerfile | 2 +- 19.0/fpm/Dockerfile | 2 +- 20.0-rc/apache/Dockerfile | 157 -------------- .../config/apache-pretty-urls.config.php | 4 - 20.0-rc/apache/config/apcu.config.php | 4 - 20.0-rc/apache/config/apps.config.php | 15 -- 20.0-rc/apache/config/autoconfig.php | 27 --- 20.0-rc/apache/config/redis.config.php | 17 -- .../apache/config/reverse-proxy.config.php | 25 --- 20.0-rc/apache/config/s3.config.php | 27 --- 20.0-rc/apache/config/smtp.config.php | 15 -- 20.0-rc/apache/config/swift.config.php | 31 --- 20.0-rc/apache/cron.sh | 4 - 20.0-rc/apache/entrypoint.sh | 194 ------------------ 20.0-rc/apache/upgrade.exclude | 5 - 20.0-rc/fpm-alpine/Dockerfile | 134 ------------ 20.0-rc/fpm-alpine/config/apcu.config.php | 4 - 20.0-rc/fpm-alpine/config/apps.config.php | 15 -- 20.0-rc/fpm-alpine/config/autoconfig.php | 27 --- 20.0-rc/fpm-alpine/config/redis.config.php | 17 -- .../config/reverse-proxy.config.php | 25 --- 20.0-rc/fpm-alpine/config/s3.config.php | 27 --- 20.0-rc/fpm-alpine/config/smtp.config.php | 15 -- 20.0-rc/fpm-alpine/config/swift.config.php | 31 --- 20.0-rc/fpm-alpine/cron.sh | 4 - 20.0-rc/fpm-alpine/entrypoint.sh | 194 ------------------ 20.0-rc/fpm-alpine/upgrade.exclude | 5 - 20.0-rc/fpm/Dockerfile | 149 -------------- 20.0-rc/fpm/config/apcu.config.php | 4 - 20.0-rc/fpm/config/apps.config.php | 15 -- 20.0-rc/fpm/config/autoconfig.php | 27 --- 20.0-rc/fpm/config/redis.config.php | 17 -- 20.0-rc/fpm/config/reverse-proxy.config.php | 25 --- 20.0-rc/fpm/config/s3.config.php | 27 --- 20.0-rc/fpm/config/smtp.config.php | 15 -- 20.0-rc/fpm/config/swift.config.php | 31 --- 20.0-rc/fpm/cron.sh | 4 - 20.0-rc/fpm/entrypoint.sh | 194 ------------------ 20.0-rc/fpm/upgrade.exclude | 5 - 20.0/apache/Dockerfile | 2 +- 20.0/fpm-alpine/Dockerfile | 2 +- 20.0/fpm/Dockerfile | 2 +- 21.0-rc/apache/Dockerfile | 157 -------------- .../config/apache-pretty-urls.config.php | 4 - 21.0-rc/apache/config/apcu.config.php | 4 - 21.0-rc/apache/config/apps.config.php | 15 -- 21.0-rc/apache/config/autoconfig.php | 27 --- 21.0-rc/apache/config/redis.config.php | 17 -- .../apache/config/reverse-proxy.config.php | 25 --- 21.0-rc/apache/config/s3.config.php | 27 --- 21.0-rc/apache/config/smtp.config.php | 15 -- 21.0-rc/apache/config/swift.config.php | 31 --- 21.0-rc/apache/cron.sh | 4 - 21.0-rc/apache/entrypoint.sh | 194 ------------------ 21.0-rc/apache/upgrade.exclude | 5 - 21.0-rc/fpm-alpine/Dockerfile | 134 ------------ 21.0-rc/fpm-alpine/config/apcu.config.php | 4 - 21.0-rc/fpm-alpine/config/apps.config.php | 15 -- 21.0-rc/fpm-alpine/config/autoconfig.php | 27 --- 21.0-rc/fpm-alpine/config/redis.config.php | 17 -- .../config/reverse-proxy.config.php | 25 --- 21.0-rc/fpm-alpine/config/s3.config.php | 27 --- 21.0-rc/fpm-alpine/config/smtp.config.php | 15 -- 21.0-rc/fpm-alpine/config/swift.config.php | 31 --- 21.0-rc/fpm-alpine/cron.sh | 4 - 21.0-rc/fpm-alpine/entrypoint.sh | 194 ------------------ 21.0-rc/fpm-alpine/upgrade.exclude | 5 - 21.0-rc/fpm/Dockerfile | 149 -------------- 21.0-rc/fpm/config/apcu.config.php | 4 - 21.0-rc/fpm/config/apps.config.php | 15 -- 21.0-rc/fpm/config/autoconfig.php | 27 --- 21.0-rc/fpm/config/redis.config.php | 17 -- 21.0-rc/fpm/config/reverse-proxy.config.php | 25 --- 21.0-rc/fpm/config/s3.config.php | 27 --- 21.0-rc/fpm/config/smtp.config.php | 15 -- 21.0-rc/fpm/config/swift.config.php | 31 --- 21.0-rc/fpm/cron.sh | 4 - 21.0-rc/fpm/entrypoint.sh | 194 ------------------ 21.0-rc/fpm/upgrade.exclude | 5 - 21.0/apache/Dockerfile | 2 +- 21.0/fpm-alpine/Dockerfile | 2 +- 21.0/fpm/Dockerfile | 2 +- latest.txt | 2 +- 121 files changed, 10 insertions(+), 4618 deletions(-) delete mode 100644 19.0-rc/apache/Dockerfile delete mode 100644 19.0-rc/apache/config/apache-pretty-urls.config.php delete mode 100644 19.0-rc/apache/config/apcu.config.php delete mode 100644 19.0-rc/apache/config/apps.config.php delete mode 100644 19.0-rc/apache/config/autoconfig.php delete mode 100644 19.0-rc/apache/config/redis.config.php delete mode 100644 19.0-rc/apache/config/reverse-proxy.config.php delete mode 100644 19.0-rc/apache/config/s3.config.php delete mode 100644 19.0-rc/apache/config/smtp.config.php delete mode 100644 19.0-rc/apache/config/swift.config.php delete mode 100755 19.0-rc/apache/cron.sh delete mode 100755 19.0-rc/apache/entrypoint.sh delete mode 100644 19.0-rc/apache/upgrade.exclude delete mode 100644 19.0-rc/fpm-alpine/Dockerfile delete mode 100644 19.0-rc/fpm-alpine/config/apcu.config.php delete mode 100644 19.0-rc/fpm-alpine/config/apps.config.php delete mode 100644 19.0-rc/fpm-alpine/config/autoconfig.php delete mode 100644 19.0-rc/fpm-alpine/config/redis.config.php delete mode 100644 19.0-rc/fpm-alpine/config/reverse-proxy.config.php delete mode 100644 19.0-rc/fpm-alpine/config/s3.config.php delete mode 100644 19.0-rc/fpm-alpine/config/smtp.config.php delete mode 100644 19.0-rc/fpm-alpine/config/swift.config.php delete mode 100755 19.0-rc/fpm-alpine/cron.sh delete mode 100755 19.0-rc/fpm-alpine/entrypoint.sh delete mode 100644 19.0-rc/fpm-alpine/upgrade.exclude delete mode 100644 19.0-rc/fpm/Dockerfile delete mode 100644 19.0-rc/fpm/config/apcu.config.php delete mode 100644 19.0-rc/fpm/config/apps.config.php delete mode 100644 19.0-rc/fpm/config/autoconfig.php delete mode 100644 19.0-rc/fpm/config/redis.config.php delete mode 100644 19.0-rc/fpm/config/reverse-proxy.config.php delete mode 100644 19.0-rc/fpm/config/s3.config.php delete mode 100644 19.0-rc/fpm/config/smtp.config.php delete mode 100644 19.0-rc/fpm/config/swift.config.php delete mode 100755 19.0-rc/fpm/cron.sh delete mode 100755 19.0-rc/fpm/entrypoint.sh delete mode 100644 19.0-rc/fpm/upgrade.exclude delete mode 100644 20.0-rc/apache/Dockerfile delete mode 100644 20.0-rc/apache/config/apache-pretty-urls.config.php delete mode 100644 20.0-rc/apache/config/apcu.config.php delete mode 100644 20.0-rc/apache/config/apps.config.php delete mode 100644 20.0-rc/apache/config/autoconfig.php delete mode 100644 20.0-rc/apache/config/redis.config.php delete mode 100644 20.0-rc/apache/config/reverse-proxy.config.php delete mode 100644 20.0-rc/apache/config/s3.config.php delete mode 100644 20.0-rc/apache/config/smtp.config.php delete mode 100644 20.0-rc/apache/config/swift.config.php delete mode 100755 20.0-rc/apache/cron.sh delete mode 100755 20.0-rc/apache/entrypoint.sh delete mode 100644 20.0-rc/apache/upgrade.exclude delete mode 100644 20.0-rc/fpm-alpine/Dockerfile delete mode 100644 20.0-rc/fpm-alpine/config/apcu.config.php delete mode 100644 20.0-rc/fpm-alpine/config/apps.config.php delete mode 100644 20.0-rc/fpm-alpine/config/autoconfig.php delete mode 100644 20.0-rc/fpm-alpine/config/redis.config.php delete mode 100644 20.0-rc/fpm-alpine/config/reverse-proxy.config.php delete mode 100644 20.0-rc/fpm-alpine/config/s3.config.php delete mode 100644 20.0-rc/fpm-alpine/config/smtp.config.php delete mode 100644 20.0-rc/fpm-alpine/config/swift.config.php delete mode 100755 20.0-rc/fpm-alpine/cron.sh delete mode 100755 20.0-rc/fpm-alpine/entrypoint.sh delete mode 100644 20.0-rc/fpm-alpine/upgrade.exclude delete mode 100644 20.0-rc/fpm/Dockerfile delete mode 100644 20.0-rc/fpm/config/apcu.config.php delete mode 100644 20.0-rc/fpm/config/apps.config.php delete mode 100644 20.0-rc/fpm/config/autoconfig.php delete mode 100644 20.0-rc/fpm/config/redis.config.php delete mode 100644 20.0-rc/fpm/config/reverse-proxy.config.php delete mode 100644 20.0-rc/fpm/config/s3.config.php delete mode 100644 20.0-rc/fpm/config/smtp.config.php delete mode 100644 20.0-rc/fpm/config/swift.config.php delete mode 100755 20.0-rc/fpm/cron.sh delete mode 100755 20.0-rc/fpm/entrypoint.sh delete mode 100644 20.0-rc/fpm/upgrade.exclude delete mode 100644 21.0-rc/apache/Dockerfile delete mode 100644 21.0-rc/apache/config/apache-pretty-urls.config.php delete mode 100644 21.0-rc/apache/config/apcu.config.php delete mode 100644 21.0-rc/apache/config/apps.config.php delete mode 100644 21.0-rc/apache/config/autoconfig.php delete mode 100644 21.0-rc/apache/config/redis.config.php delete mode 100644 21.0-rc/apache/config/reverse-proxy.config.php delete mode 100644 21.0-rc/apache/config/s3.config.php delete mode 100644 21.0-rc/apache/config/smtp.config.php delete mode 100644 21.0-rc/apache/config/swift.config.php delete mode 100755 21.0-rc/apache/cron.sh delete mode 100755 21.0-rc/apache/entrypoint.sh delete mode 100644 21.0-rc/apache/upgrade.exclude delete mode 100644 21.0-rc/fpm-alpine/Dockerfile delete mode 100644 21.0-rc/fpm-alpine/config/apcu.config.php delete mode 100644 21.0-rc/fpm-alpine/config/apps.config.php delete mode 100644 21.0-rc/fpm-alpine/config/autoconfig.php delete mode 100644 21.0-rc/fpm-alpine/config/redis.config.php delete mode 100644 21.0-rc/fpm-alpine/config/reverse-proxy.config.php delete mode 100644 21.0-rc/fpm-alpine/config/s3.config.php delete mode 100644 21.0-rc/fpm-alpine/config/smtp.config.php delete mode 100644 21.0-rc/fpm-alpine/config/swift.config.php delete mode 100755 21.0-rc/fpm-alpine/cron.sh delete mode 100755 21.0-rc/fpm-alpine/entrypoint.sh delete mode 100644 21.0-rc/fpm-alpine/upgrade.exclude delete mode 100644 21.0-rc/fpm/Dockerfile delete mode 100644 21.0-rc/fpm/config/apcu.config.php delete mode 100644 21.0-rc/fpm/config/apps.config.php delete mode 100644 21.0-rc/fpm/config/autoconfig.php delete mode 100644 21.0-rc/fpm/config/redis.config.php delete mode 100644 21.0-rc/fpm/config/reverse-proxy.config.php delete mode 100644 21.0-rc/fpm/config/s3.config.php delete mode 100644 21.0-rc/fpm/config/smtp.config.php delete mode 100644 21.0-rc/fpm/config/swift.config.php delete mode 100755 21.0-rc/fpm/cron.sh delete mode 100755 21.0-rc/fpm/entrypoint.sh delete mode 100644 21.0-rc/fpm/upgrade.exclude diff --git a/19.0-rc/apache/Dockerfile b/19.0-rc/apache/Dockerfile deleted file mode 100644 index dc361f2e..00000000 --- a/19.0-rc/apache/Dockerfile +++ /dev/null @@ -1,157 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-apache-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - -RUN a2enmod headers rewrite remoteip ;\ - {\ - echo RemoteIPHeader X-Real-IP ;\ - echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ - echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ - echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ - } > /etc/apache2/conf-available/remoteip.conf;\ - a2enconf remoteip - -ENV NEXTCLOUD_VERSION 19.0.10RC1 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["apache2-foreground"] diff --git a/19.0-rc/apache/config/apache-pretty-urls.config.php b/19.0-rc/apache/config/apache-pretty-urls.config.php deleted file mode 100644 index 72da1d8c..00000000 --- a/19.0-rc/apache/config/apache-pretty-urls.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '/', -); diff --git a/19.0-rc/apache/config/apcu.config.php b/19.0-rc/apache/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/19.0-rc/apache/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/19.0-rc/apache/config/apps.config.php b/19.0-rc/apache/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/19.0-rc/apache/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/19.0-rc/apache/config/autoconfig.php b/19.0-rc/apache/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/19.0-rc/apache/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/19.0-rc/apache/config/reverse-proxy.config.php b/19.0-rc/apache/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/19.0-rc/apache/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/19.0-rc/apache/config/smtp.config.php b/19.0-rc/apache/config/smtp.config.php deleted file mode 100644 index 59f1eaa1..00000000 --- a/19.0-rc/apache/config/smtp.config.php +++ /dev/null @@ -1,15 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); -} diff --git a/19.0-rc/apache/config/swift.config.php b/19.0-rc/apache/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/19.0-rc/apache/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/19.0-rc/apache/cron.sh b/19.0-rc/apache/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/19.0-rc/apache/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/19.0-rc/apache/entrypoint.sh b/19.0-rc/apache/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/19.0-rc/apache/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/19.0-rc/apache/upgrade.exclude b/19.0-rc/apache/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/19.0-rc/apache/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/19.0-rc/fpm-alpine/Dockerfile b/19.0-rc/fpm-alpine/Dockerfile deleted file mode 100644 index fadb9f65..00000000 --- a/19.0-rc/fpm-alpine/Dockerfile +++ /dev/null @@ -1,134 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apk add --no-cache \ - rsync \ - ; \ - \ - rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -RUN set -ex; \ - \ - apk add --no-cache --virtual .build-deps \ - $PHPIZE_DEPS \ - autoconf \ - freetype-dev \ - icu-dev \ - libevent-dev \ - libjpeg-turbo-dev \ - libmcrypt-dev \ - libpng-dev \ - libmemcached-dev \ - libxml2-dev \ - libzip-dev \ - openldap-dev \ - pcre-dev \ - postgresql-dev \ - imagemagick-dev \ - libwebp-dev \ - gmp-dev \ - ; \ - \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del .build-deps - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 19.0.10RC1 - -RUN set -ex; \ - apk add --no-cache --virtual .fetch-deps \ - bzip2 \ - gnupg \ - ; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - apk del .fetch-deps - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/19.0-rc/fpm-alpine/config/apcu.config.php b/19.0-rc/fpm-alpine/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/19.0-rc/fpm-alpine/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/19.0-rc/fpm-alpine/config/apps.config.php b/19.0-rc/fpm-alpine/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/19.0-rc/fpm-alpine/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/19.0-rc/fpm-alpine/config/autoconfig.php b/19.0-rc/fpm-alpine/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/19.0-rc/fpm-alpine/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/19.0-rc/fpm-alpine/config/reverse-proxy.config.php b/19.0-rc/fpm-alpine/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/19.0-rc/fpm-alpine/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/19.0-rc/fpm-alpine/config/smtp.config.php b/19.0-rc/fpm-alpine/config/smtp.config.php deleted file mode 100644 index 59f1eaa1..00000000 --- a/19.0-rc/fpm-alpine/config/smtp.config.php +++ /dev/null @@ -1,15 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); -} diff --git a/19.0-rc/fpm-alpine/config/swift.config.php b/19.0-rc/fpm-alpine/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/19.0-rc/fpm-alpine/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/19.0-rc/fpm-alpine/cron.sh b/19.0-rc/fpm-alpine/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/19.0-rc/fpm-alpine/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/19.0-rc/fpm-alpine/entrypoint.sh b/19.0-rc/fpm-alpine/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/19.0-rc/fpm-alpine/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/19.0-rc/fpm-alpine/upgrade.exclude b/19.0-rc/fpm-alpine/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/19.0-rc/fpm-alpine/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/19.0-rc/fpm/Dockerfile b/19.0-rc/fpm/Dockerfile deleted file mode 100644 index 47f48ffc..00000000 --- a/19.0-rc/fpm/Dockerfile +++ /dev/null @@ -1,149 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-fpm-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 19.0.10RC1 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/19.0-rc/fpm/config/apcu.config.php b/19.0-rc/fpm/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/19.0-rc/fpm/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/19.0-rc/fpm/config/apps.config.php b/19.0-rc/fpm/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/19.0-rc/fpm/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/19.0-rc/fpm/config/autoconfig.php b/19.0-rc/fpm/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/19.0-rc/fpm/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/19.0-rc/fpm/config/reverse-proxy.config.php b/19.0-rc/fpm/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/19.0-rc/fpm/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/19.0-rc/fpm/config/smtp.config.php b/19.0-rc/fpm/config/smtp.config.php deleted file mode 100644 index 59f1eaa1..00000000 --- a/19.0-rc/fpm/config/smtp.config.php +++ /dev/null @@ -1,15 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); -} diff --git a/19.0-rc/fpm/config/swift.config.php b/19.0-rc/fpm/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/19.0-rc/fpm/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/19.0-rc/fpm/cron.sh b/19.0-rc/fpm/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/19.0-rc/fpm/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/19.0-rc/fpm/entrypoint.sh b/19.0-rc/fpm/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/19.0-rc/fpm/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/19.0-rc/fpm/upgrade.exclude b/19.0-rc/fpm/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/19.0-rc/fpm/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/19.0/apache/Dockerfile b/19.0/apache/Dockerfile index 660a057c..977e56cb 100644 --- a/19.0/apache/Dockerfile +++ b/19.0/apache/Dockerfile @@ -121,7 +121,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 19.0.9 +ENV NEXTCLOUD_VERSION 19.0.10 RUN set -ex; \ fetchDeps=" \ diff --git a/19.0/fpm-alpine/Dockerfile b/19.0/fpm-alpine/Dockerfile index 474f9c84..90bbe110 100644 --- a/19.0/fpm-alpine/Dockerfile +++ b/19.0/fpm-alpine/Dockerfile @@ -102,7 +102,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 19.0.9 +ENV NEXTCLOUD_VERSION 19.0.10 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/19.0/fpm/Dockerfile b/19.0/fpm/Dockerfile index 1016f55a..fe3596f9 100644 --- a/19.0/fpm/Dockerfile +++ b/19.0/fpm/Dockerfile @@ -113,7 +113,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 19.0.9 +ENV NEXTCLOUD_VERSION 19.0.10 RUN set -ex; \ fetchDeps=" \ diff --git a/20.0-rc/apache/Dockerfile b/20.0-rc/apache/Dockerfile deleted file mode 100644 index 8912e76d..00000000 --- a/20.0-rc/apache/Dockerfile +++ /dev/null @@ -1,157 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-apache-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - -RUN a2enmod headers rewrite remoteip ;\ - {\ - echo RemoteIPHeader X-Real-IP ;\ - echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ - echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ - echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ - } > /etc/apache2/conf-available/remoteip.conf;\ - a2enconf remoteip - -ENV NEXTCLOUD_VERSION 20.0.9RC1 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["apache2-foreground"] diff --git a/20.0-rc/apache/config/apache-pretty-urls.config.php b/20.0-rc/apache/config/apache-pretty-urls.config.php deleted file mode 100644 index 72da1d8c..00000000 --- a/20.0-rc/apache/config/apache-pretty-urls.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '/', -); diff --git a/20.0-rc/apache/config/apcu.config.php b/20.0-rc/apache/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/20.0-rc/apache/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/20.0-rc/apache/config/apps.config.php b/20.0-rc/apache/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/20.0-rc/apache/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/20.0-rc/apache/config/autoconfig.php b/20.0-rc/apache/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/20.0-rc/apache/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/20.0-rc/apache/config/reverse-proxy.config.php b/20.0-rc/apache/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/20.0-rc/apache/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/20.0-rc/apache/config/smtp.config.php b/20.0-rc/apache/config/smtp.config.php deleted file mode 100644 index 59f1eaa1..00000000 --- a/20.0-rc/apache/config/smtp.config.php +++ /dev/null @@ -1,15 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); -} diff --git a/20.0-rc/apache/config/swift.config.php b/20.0-rc/apache/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/20.0-rc/apache/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/20.0-rc/apache/cron.sh b/20.0-rc/apache/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/20.0-rc/apache/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/20.0-rc/apache/entrypoint.sh b/20.0-rc/apache/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/20.0-rc/apache/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/20.0-rc/apache/upgrade.exclude b/20.0-rc/apache/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/20.0-rc/apache/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/20.0-rc/fpm-alpine/Dockerfile b/20.0-rc/fpm-alpine/Dockerfile deleted file mode 100644 index b2522ce3..00000000 --- a/20.0-rc/fpm-alpine/Dockerfile +++ /dev/null @@ -1,134 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apk add --no-cache \ - rsync \ - ; \ - \ - rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -RUN set -ex; \ - \ - apk add --no-cache --virtual .build-deps \ - $PHPIZE_DEPS \ - autoconf \ - freetype-dev \ - icu-dev \ - libevent-dev \ - libjpeg-turbo-dev \ - libmcrypt-dev \ - libpng-dev \ - libmemcached-dev \ - libxml2-dev \ - libzip-dev \ - openldap-dev \ - pcre-dev \ - postgresql-dev \ - imagemagick-dev \ - libwebp-dev \ - gmp-dev \ - ; \ - \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del .build-deps - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 20.0.9RC1 - -RUN set -ex; \ - apk add --no-cache --virtual .fetch-deps \ - bzip2 \ - gnupg \ - ; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - apk del .fetch-deps - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/20.0-rc/fpm-alpine/config/apcu.config.php b/20.0-rc/fpm-alpine/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/20.0-rc/fpm-alpine/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/20.0-rc/fpm-alpine/config/apps.config.php b/20.0-rc/fpm-alpine/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/20.0-rc/fpm-alpine/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/20.0-rc/fpm-alpine/config/autoconfig.php b/20.0-rc/fpm-alpine/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/20.0-rc/fpm-alpine/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/20.0-rc/fpm-alpine/config/reverse-proxy.config.php b/20.0-rc/fpm-alpine/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/20.0-rc/fpm-alpine/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/20.0-rc/fpm-alpine/config/smtp.config.php b/20.0-rc/fpm-alpine/config/smtp.config.php deleted file mode 100644 index 59f1eaa1..00000000 --- a/20.0-rc/fpm-alpine/config/smtp.config.php +++ /dev/null @@ -1,15 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); -} diff --git a/20.0-rc/fpm-alpine/config/swift.config.php b/20.0-rc/fpm-alpine/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/20.0-rc/fpm-alpine/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/20.0-rc/fpm-alpine/cron.sh b/20.0-rc/fpm-alpine/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/20.0-rc/fpm-alpine/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/20.0-rc/fpm-alpine/entrypoint.sh b/20.0-rc/fpm-alpine/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/20.0-rc/fpm-alpine/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/20.0-rc/fpm-alpine/upgrade.exclude b/20.0-rc/fpm-alpine/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/20.0-rc/fpm-alpine/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/20.0-rc/fpm/Dockerfile b/20.0-rc/fpm/Dockerfile deleted file mode 100644 index 293b89a9..00000000 --- a/20.0-rc/fpm/Dockerfile +++ /dev/null @@ -1,149 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-fpm-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 20.0.9RC1 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/20.0-rc/fpm/config/apcu.config.php b/20.0-rc/fpm/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/20.0-rc/fpm/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/20.0-rc/fpm/config/apps.config.php b/20.0-rc/fpm/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/20.0-rc/fpm/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/20.0-rc/fpm/config/autoconfig.php b/20.0-rc/fpm/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/20.0-rc/fpm/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/20.0-rc/fpm/config/reverse-proxy.config.php b/20.0-rc/fpm/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/20.0-rc/fpm/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/20.0-rc/fpm/config/smtp.config.php b/20.0-rc/fpm/config/smtp.config.php deleted file mode 100644 index 59f1eaa1..00000000 --- a/20.0-rc/fpm/config/smtp.config.php +++ /dev/null @@ -1,15 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); -} diff --git a/20.0-rc/fpm/config/swift.config.php b/20.0-rc/fpm/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/20.0-rc/fpm/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/20.0-rc/fpm/cron.sh b/20.0-rc/fpm/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/20.0-rc/fpm/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/20.0-rc/fpm/entrypoint.sh b/20.0-rc/fpm/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/20.0-rc/fpm/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/20.0-rc/fpm/upgrade.exclude b/20.0-rc/fpm/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/20.0-rc/fpm/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/20.0/apache/Dockerfile b/20.0/apache/Dockerfile index 7aa5b25f..597a2e18 100644 --- a/20.0/apache/Dockerfile +++ b/20.0/apache/Dockerfile @@ -121,7 +121,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 20.0.8 +ENV NEXTCLOUD_VERSION 20.0.9 RUN set -ex; \ fetchDeps=" \ diff --git a/20.0/fpm-alpine/Dockerfile b/20.0/fpm-alpine/Dockerfile index 9ac9dcac..69b7bab0 100644 --- a/20.0/fpm-alpine/Dockerfile +++ b/20.0/fpm-alpine/Dockerfile @@ -102,7 +102,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 20.0.8 +ENV NEXTCLOUD_VERSION 20.0.9 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/20.0/fpm/Dockerfile b/20.0/fpm/Dockerfile index 4dbd9eb9..aacd976a 100644 --- a/20.0/fpm/Dockerfile +++ b/20.0/fpm/Dockerfile @@ -113,7 +113,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 20.0.8 +ENV NEXTCLOUD_VERSION 20.0.9 RUN set -ex; \ fetchDeps=" \ diff --git a/21.0-rc/apache/Dockerfile b/21.0-rc/apache/Dockerfile deleted file mode 100644 index 91349fe6..00000000 --- a/21.0-rc/apache/Dockerfile +++ /dev/null @@ -1,157 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-apache-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - -RUN a2enmod headers rewrite remoteip ;\ - {\ - echo RemoteIPHeader X-Real-IP ;\ - echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ - echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ - echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ - } > /etc/apache2/conf-available/remoteip.conf;\ - a2enconf remoteip - -ENV NEXTCLOUD_VERSION 21.0.1RC1 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["apache2-foreground"] diff --git a/21.0-rc/apache/config/apache-pretty-urls.config.php b/21.0-rc/apache/config/apache-pretty-urls.config.php deleted file mode 100644 index 72da1d8c..00000000 --- a/21.0-rc/apache/config/apache-pretty-urls.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '/', -); diff --git a/21.0-rc/apache/config/apcu.config.php b/21.0-rc/apache/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/21.0-rc/apache/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/21.0-rc/apache/config/apps.config.php b/21.0-rc/apache/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/21.0-rc/apache/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/21.0-rc/apache/config/autoconfig.php b/21.0-rc/apache/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/21.0-rc/apache/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/21.0-rc/apache/config/reverse-proxy.config.php b/21.0-rc/apache/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/21.0-rc/apache/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/21.0-rc/apache/config/smtp.config.php b/21.0-rc/apache/config/smtp.config.php deleted file mode 100644 index 59f1eaa1..00000000 --- a/21.0-rc/apache/config/smtp.config.php +++ /dev/null @@ -1,15 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); -} diff --git a/21.0-rc/apache/config/swift.config.php b/21.0-rc/apache/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/21.0-rc/apache/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/21.0-rc/apache/cron.sh b/21.0-rc/apache/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/21.0-rc/apache/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/21.0-rc/apache/entrypoint.sh b/21.0-rc/apache/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/21.0-rc/apache/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/21.0-rc/apache/upgrade.exclude b/21.0-rc/apache/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/21.0-rc/apache/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/21.0-rc/fpm-alpine/Dockerfile b/21.0-rc/fpm-alpine/Dockerfile deleted file mode 100644 index f507b064..00000000 --- a/21.0-rc/fpm-alpine/Dockerfile +++ /dev/null @@ -1,134 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apk add --no-cache \ - rsync \ - ; \ - \ - rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -RUN set -ex; \ - \ - apk add --no-cache --virtual .build-deps \ - $PHPIZE_DEPS \ - autoconf \ - freetype-dev \ - icu-dev \ - libevent-dev \ - libjpeg-turbo-dev \ - libmcrypt-dev \ - libpng-dev \ - libmemcached-dev \ - libxml2-dev \ - libzip-dev \ - openldap-dev \ - pcre-dev \ - postgresql-dev \ - imagemagick-dev \ - libwebp-dev \ - gmp-dev \ - ; \ - \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del .build-deps - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 21.0.1RC1 - -RUN set -ex; \ - apk add --no-cache --virtual .fetch-deps \ - bzip2 \ - gnupg \ - ; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - apk del .fetch-deps - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/21.0-rc/fpm-alpine/config/apcu.config.php b/21.0-rc/fpm-alpine/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/21.0-rc/fpm-alpine/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/21.0-rc/fpm-alpine/config/apps.config.php b/21.0-rc/fpm-alpine/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/21.0-rc/fpm-alpine/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/21.0-rc/fpm-alpine/config/autoconfig.php b/21.0-rc/fpm-alpine/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/21.0-rc/fpm-alpine/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/21.0-rc/fpm-alpine/config/reverse-proxy.config.php b/21.0-rc/fpm-alpine/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/21.0-rc/fpm-alpine/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/21.0-rc/fpm-alpine/config/smtp.config.php b/21.0-rc/fpm-alpine/config/smtp.config.php deleted file mode 100644 index 59f1eaa1..00000000 --- a/21.0-rc/fpm-alpine/config/smtp.config.php +++ /dev/null @@ -1,15 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); -} diff --git a/21.0-rc/fpm-alpine/config/swift.config.php b/21.0-rc/fpm-alpine/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/21.0-rc/fpm-alpine/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/21.0-rc/fpm-alpine/cron.sh b/21.0-rc/fpm-alpine/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/21.0-rc/fpm-alpine/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/21.0-rc/fpm-alpine/entrypoint.sh b/21.0-rc/fpm-alpine/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/21.0-rc/fpm-alpine/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/21.0-rc/fpm-alpine/upgrade.exclude b/21.0-rc/fpm-alpine/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/21.0-rc/fpm-alpine/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/21.0-rc/fpm/Dockerfile b/21.0-rc/fpm/Dockerfile deleted file mode 100644 index 2d811fb8..00000000 --- a/21.0-rc/fpm/Dockerfile +++ /dev/null @@ -1,149 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:7.4-fpm-buster - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.20; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ - \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > /usr/local/etc/php/conf.d/nextcloud.ini; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 21.0.1RC1 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/21.0-rc/fpm/config/apcu.config.php b/21.0-rc/fpm/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/21.0-rc/fpm/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/21.0-rc/fpm/config/apps.config.php b/21.0-rc/fpm/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/21.0-rc/fpm/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/21.0-rc/fpm/config/autoconfig.php b/21.0-rc/fpm/config/autoconfig.php deleted file mode 100644 index f01f18d6..00000000 --- a/21.0-rc/fpm/config/autoconfig.php +++ /dev/null @@ -1,27 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/21.0-rc/fpm/config/reverse-proxy.config.php b/21.0-rc/fpm/config/reverse-proxy.config.php deleted file mode 100644 index 667be312..00000000 --- a/21.0-rc/fpm/config/reverse-proxy.config.php +++ /dev/null @@ -1,25 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', - 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); -} diff --git a/21.0-rc/fpm/config/smtp.config.php b/21.0-rc/fpm/config/smtp.config.php deleted file mode 100644 index 59f1eaa1..00000000 --- a/21.0-rc/fpm/config/smtp.config.php +++ /dev/null @@ -1,15 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); -} diff --git a/21.0-rc/fpm/config/swift.config.php b/21.0-rc/fpm/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/21.0-rc/fpm/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/21.0-rc/fpm/cron.sh b/21.0-rc/fpm/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/21.0-rc/fpm/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/21.0-rc/fpm/entrypoint.sh b/21.0-rc/fpm/entrypoint.sh deleted file mode 100755 index b6da893b..00000000 --- a/21.0-rc/fpm/entrypoint.sh +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p www-data -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown www-data:root" - else - rsync_options="-rlD" - fi - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - echo "Initializing finished" - - #install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "running web-based installer on first connect!" - fi - fi - #upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - fi -fi - -exec "$@" diff --git a/21.0-rc/fpm/upgrade.exclude b/21.0-rc/fpm/upgrade.exclude deleted file mode 100644 index 354864da..00000000 --- a/21.0-rc/fpm/upgrade.exclude +++ /dev/null @@ -1,5 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php diff --git a/21.0/apache/Dockerfile b/21.0/apache/Dockerfile index cc8f80de..4f68879a 100644 --- a/21.0/apache/Dockerfile +++ b/21.0/apache/Dockerfile @@ -121,7 +121,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 21.0.0 +ENV NEXTCLOUD_VERSION 21.0.1 RUN set -ex; \ fetchDeps=" \ diff --git a/21.0/fpm-alpine/Dockerfile b/21.0/fpm-alpine/Dockerfile index 0e2aaf68..2bcdbb04 100644 --- a/21.0/fpm-alpine/Dockerfile +++ b/21.0/fpm-alpine/Dockerfile @@ -102,7 +102,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 21.0.0 +ENV NEXTCLOUD_VERSION 21.0.1 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/21.0/fpm/Dockerfile b/21.0/fpm/Dockerfile index f007e3a0..e3c00ff0 100644 --- a/21.0/fpm/Dockerfile +++ b/21.0/fpm/Dockerfile @@ -113,7 +113,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 21.0.0 +ENV NEXTCLOUD_VERSION 21.0.1 RUN set -ex; \ fetchDeps=" \ diff --git a/latest.txt b/latest.txt index fb5b5130..a8f5438c 100644 --- a/latest.txt +++ b/latest.txt @@ -1 +1 @@ -21.0.0 +21.0.1 From ede3bdc0cce452196a2a92b45f47a6059ba5e538 Mon Sep 17 00:00:00 2001 From: Florian Friedrich Date: Fri, 9 Apr 2021 13:32:17 +0200 Subject: [PATCH 02/26] Update stable tag to 20.0.9 (#1470) Signed-off-by: Florian Friedrich --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 7b4aacb8..fa813f51 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,7 +1,7 @@ #!/bin/bash set -Eeuo pipefail -stable_channel='20.0.8' +stable_channel='20.0.9' self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" From 45abf54d60c2f86ba50bd0628504aff23563cb2f Mon Sep 17 00:00:00 2001 From: J0WI Date: Mon, 26 Apr 2021 17:15:28 +0000 Subject: [PATCH 03/26] Drop prereleases (#1412) --- update.sh | 75 ------------------------------------------------------- 1 file changed, 75 deletions(-) diff --git a/update.sh b/update.sh index 00cb2efe..f25ae7a3 100755 --- a/update.sh +++ b/update.sh @@ -83,21 +83,6 @@ function version_greater_or_equal() { [[ "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" || "$1" == "$2" ]]; } -# checks if the the rc is already released -function check_released() { - printf '%s\n' "${fullversions[@]}" | grep -qE "^$( echo "$1" | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' )" -} - -# checks if the the beta has already a rc -function check_rc_released() { - printf '%s\n' "${fullversions_rc[@]}" | grep -qE "^$( echo "$1" | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' )" -} - -# checks if the the alpha has already a beta -function check_beta_released() { - printf '%s\n' "${fullversions_beta[@]}" | grep -qE "^$( echo "$1" | grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' )" -} - function create_variant() { dir="$1/$variant" phpVersion=${php_version[$version]-${php_version[default]}} @@ -182,63 +167,3 @@ for version in "${versions[@]}"; do done fi done - -fullversions_rc=( $( curl -fsSL 'https://download.nextcloud.com/server/prereleases/' |tac|tac| \ - grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}RC[[:digit:]]+' | \ - grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}RC[[:digit:]]+' | \ - sort -urV ) ) -versions_rc=( $( printf '%s\n' "${fullversions_rc[@]}" | cut -d. -f1-2 | sort -urV ) ) -for version in "${versions_rc[@]}"; do - fullversion="$( printf '%s\n' "${fullversions_rc[@]}" | grep -E "^$version" | head -1 )" - - if version_greater_or_equal "$version" "$min_version"; then - - if ! check_released "$fullversion"; then - - for variant in "${variants[@]}"; do - - create_variant "$version-rc" "https:\/\/download.nextcloud.com\/server\/prereleases" - done - fi - fi -done - -fullversions_beta=( $( curl -fsSL 'https://download.nextcloud.com/server/prereleases/' |tac|tac| \ - grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}beta[[:digit:]]+' | \ - grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}beta[[:digit:]]+' | \ - sort -urV ) ) -versions_beta=( $( printf '%s\n' "${fullversions_beta[@]}" | cut -d. -f1-2 | sort -urV ) ) -for version in "${versions_beta[@]}"; do - fullversion="$( printf '%s\n' "${fullversions_beta[@]}" | grep -E "^$version" | head -1 )" - - if version_greater_or_equal "$version" "$min_version"; then - - if ! check_rc_released "$fullversion"; then - - for variant in "${variants[@]}"; do - - create_variant "$version-beta" "https:\/\/download.nextcloud.com\/server\/prereleases" - done - fi - fi -done - -fullversions_alpha=( $( curl -fsSL 'https://download.nextcloud.com/server/prereleases/' |tac|tac| \ - grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}alpha[[:digit:]]+' | \ - grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}alpha[[:digit:]]+' | \ - sort -urV ) ) -versions_alpha=( $( printf '%s\n' "${fullversions_alpha[@]}" | cut -d. -f1-2 | sort -urV ) ) -for version in "${versions_alpha[@]}"; do - fullversion="$( printf '%s\n' "${fullversions_alpha[@]}" | grep -E "^$version" | head -1 )" - - if version_greater_or_equal "$version" "$min_version"; then - - if ! check_beta_released "$fullversion"; then - - for variant in "${variants[@]}"; do - - create_variant "$version-alpha" "https:\/\/download.nextcloud.com\/server\/prereleases" - done - fi - fi -done From 953ebac32b958ce3738ae839728cd7eba5c81051 Mon Sep 17 00:00:00 2001 From: J0WI Date: Mon, 26 Apr 2021 17:15:37 +0000 Subject: [PATCH 04/26] Reduce examples (#1484) --- .../insecure/mariadb-cron-redis/apache/db.env | 3 - .../apache/docker-compose.yml | 47 ----- .../insecure/mariadb-cron-redis/fpm/db.env | 3 - .../mariadb-cron-redis/fpm/docker-compose.yml | 55 ------ .../mariadb-cron-redis/fpm/web/Dockerfile | 3 - .../mariadb-cron-redis/fpm/web/nginx.conf | 168 ----------------- .../mariadb/apache/docker-compose.yml | 16 ++ .../insecure/mariadb/fpm/docker-compose.yml | 16 ++ .../postgres/apache/docker-compose.yml | 16 ++ .../insecure/postgres/fpm/docker-compose.yml | 16 ++ .../mariadb/fpm/db.env | 3 - .../mariadb/fpm/docker-compose.yml | 78 -------- .../mariadb/fpm/proxy/Dockerfile | 3 - .../mariadb/fpm/proxy/uploadsize.conf | 2 - .../mariadb/fpm/web/Dockerfile | 3 - .../mariadb/fpm/web/nginx.conf | 173 ------------------ .../mariadb-cron-redis/apache/db.env | 3 - .../apache/docker-compose.yml | 86 --------- .../apache/proxy/Dockerfile | 3 - .../apache/proxy/uploadsize.conf | 2 - .../mariadb-cron-redis/fpm/db.env | 3 - .../mariadb-cron-redis/fpm/docker-compose.yml | 95 ---------- .../mariadb-cron-redis/fpm/proxy/Dockerfile | 3 - .../fpm/proxy/uploadsize.conf | 2 - .../mariadb-cron-redis/fpm/web/Dockerfile | 3 - .../mariadb-cron-redis/fpm/web/nginx.conf | 173 ------------------ .../mariadb/apache/docker-compose.yml | 31 ++++ .../mariadb/fpm/docker-compose.yml | 31 ++++ .../postgres/apache/docker-compose.yml | 31 ++++ .../postgres/fpm/docker-compose.yml | 31 ++++ 30 files changed, 188 insertions(+), 914 deletions(-) delete mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env delete mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml delete mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env delete mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml delete mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile delete mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env delete mode 100644 .examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml delete mode 100644 .examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile delete mode 100644 .examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile delete mode 100644 .examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml deleted file mode 100644 index 600c609f..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml +++ /dev/null @@ -1,47 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - redis: - image: redis:alpine - restart: always - - app: - image: nextcloud:apache - restart: always - ports: - - 8080:80 - volumes: - - nextcloud:/var/www/html - environment: - - MYSQL_HOST=db - - REDIS_HOST=redis - env_file: - - db.env - depends_on: - - db - - redis - - cron: - image: nextcloud:apache - restart: always - volumes: - - nextcloud:/var/www/html - entrypoint: /cron.sh - depends_on: - - db - - redis - -volumes: - db: - nextcloud: diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml deleted file mode 100644 index 5ac5b3b1..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml +++ /dev/null @@ -1,55 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - redis: - image: redis:alpine - restart: always - - app: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - environment: - - MYSQL_HOST=db - - REDIS_HOST=redis - env_file: - - db.env - depends_on: - - db - - redis - - web: - build: ./web - restart: always - ports: - - 8080:80 - volumes: - - nextcloud:/var/www/html:ro - depends_on: - - app - - cron: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - entrypoint: /cron.sh - depends_on: - - db - - redis - -volumes: - db: - nextcloud: diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile deleted file mode 100644 index 9e620aff..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nginx:alpine - -COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf deleted file mode 100644 index 62095270..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf +++ /dev/null @@ -1,168 +0,0 @@ -worker_processes auto; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - upstream php-handler { - server app:9000; - } - - server { - listen 80; - - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } - - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. - #pagespeed off; - - location / { - rewrite ^ /index.php; - } - - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; - set $path_info $fastcgi_path_info; - try_files $fastcgi_script_name =404; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; - - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; - } - } -} diff --git a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml index defa0bdb..600c609f 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml @@ -12,6 +12,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:apache restart: always @@ -21,10 +25,22 @@ services: - nextcloud:/var/www/html environment: - MYSQL_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis + + cron: + image: nextcloud:apache + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis volumes: db: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml index eb91bbdb..5ac5b3b1 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml @@ -12,6 +12,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:fpm-alpine restart: always @@ -19,10 +23,12 @@ services: - nextcloud:/var/www/html environment: - MYSQL_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis web: build: ./web @@ -34,6 +40,16 @@ services: depends_on: - app + cron: + image: nextcloud:fpm-alpine + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + volumes: db: nextcloud: diff --git a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml index 596568d6..03639056 100644 --- a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml @@ -9,6 +9,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:apache restart: always @@ -18,10 +22,22 @@ services: - nextcloud:/var/www/html environment: - POSTGRES_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis + + cron: + image: nextcloud:apache + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis volumes: db: diff --git a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml index b1ff459c..577dff94 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml @@ -9,6 +9,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:fpm-alpine restart: always @@ -16,10 +20,12 @@ services: - nextcloud:/var/www/html environment: - POSTGRES_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis web: build: ./web @@ -31,6 +37,16 @@ services: depends_on: - app + cron: + image: nextcloud:8fpm-alpine + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + volumes: db: nextcloud: diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml deleted file mode 100644 index 3d60f7ee..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/docker-compose.yml +++ /dev/null @@ -1,78 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - app: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - environment: - - MYSQL_HOST=db - env_file: - - db.env - depends_on: - - db - - web: - build: ./web - restart: always - volumes: - - nextcloud:/var/www/html:ro - environment: - - VIRTUAL_HOST= - depends_on: - - app - networks: - - proxy-tier - - default - - proxy: - build: ./proxy - restart: always - ports: - - 80:80 - - 443:443 - volumes: - - certs:/etc/nginx/certs:ro - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/tmp/docker.sock:ro - networks: - - proxy-tier - depends_on: - - omgwtfssl - - omgwtfssl: - image: paulczar/omgwtfssl - restart: "no" - volumes: - - certs:/certs - environment: - - SSL_SUBJECT=servhostname.local - - CA_SUBJECT=my@example.com - - SSL_KEY=/certs/servhostname.local.key - - SSL_CSR=/certs/servhostname.local.csr - - SSL_CERT=/certs/servhostname.local.crt - networks: - - proxy-tier - -volumes: - db: - nextcloud: - certs: - vhost.d: - html: - -networks: - proxy-tier: diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile deleted file mode 100644 index 242c84e1..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM jwilder/nginx-proxy:alpine - -COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf deleted file mode 100644 index 7e3906ec..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/proxy/uploadsize.conf +++ /dev/null @@ -1,2 +0,0 @@ -client_max_body_size 10G; -proxy_request_buffering off; diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile deleted file mode 100644 index 9e620aff..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nginx:alpine - -COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf deleted file mode 100644 index 36f591d4..00000000 --- a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf +++ /dev/null @@ -1,173 +0,0 @@ -worker_processes auto; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 172.16.0.0/12; - set_real_ip_from 192.168.0.0/16; - real_ip_header X-Real-IP; - - #gzip on; - - upstream php-handler { - server app:9000; - } - - server { - listen 80; - - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. - #pagespeed off; - - location / { - rewrite ^ /index.php; - } - - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; - set $path_info $fastcgi_path_info; - try_files $fastcgi_script_name =404; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; - - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; - } - } -} diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml deleted file mode 100644 index 39ab2bef..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml +++ /dev/null @@ -1,86 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - redis: - image: redis:alpine - restart: always - - app: - image: nextcloud:apache - restart: always - volumes: - - nextcloud:/var/www/html - environment: - - VIRTUAL_HOST= - - LETSENCRYPT_HOST= - - LETSENCRYPT_EMAIL= - - MYSQL_HOST=db - - REDIS_HOST=redis - env_file: - - db.env - depends_on: - - db - - redis - networks: - - proxy-tier - - default - - cron: - image: nextcloud:apache - restart: always - volumes: - - nextcloud:/var/www/html - entrypoint: /cron.sh - depends_on: - - db - - redis - - proxy: - build: ./proxy - restart: always - ports: - - 80:80 - - 443:443 - labels: - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" - volumes: - - certs:/etc/nginx/certs:ro - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/tmp/docker.sock:ro - networks: - - proxy-tier - - letsencrypt-companion: - image: jrcs/letsencrypt-nginx-proxy-companion - restart: always - volumes: - - certs:/etc/nginx/certs - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - proxy-tier - depends_on: - - proxy - -volumes: - db: - nextcloud: - certs: - vhost.d: - html: - -networks: - proxy-tier: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile deleted file mode 100644 index 242c84e1..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM jwilder/nginx-proxy:alpine - -COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf deleted file mode 100644 index 7e3906ec..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf +++ /dev/null @@ -1,2 +0,0 @@ -client_max_body_size 10G; -proxy_request_buffering off; diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml deleted file mode 100644 index d5763620..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml +++ /dev/null @@ -1,95 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - redis: - image: redis:alpine - restart: always - - app: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - environment: - - MYSQL_HOST=db - - REDIS_HOST=redis - env_file: - - db.env - depends_on: - - db - - redis - - web: - build: ./web - restart: always - volumes: - - nextcloud:/var/www/html:ro - environment: - - VIRTUAL_HOST= - - LETSENCRYPT_HOST= - - LETSENCRYPT_EMAIL= - depends_on: - - app - networks: - - proxy-tier - - default - - cron: - image: nextcloud:fpm-alpine - restart: always - volumes: - - nextcloud:/var/www/html - entrypoint: /cron.sh - depends_on: - - db - - redis - - proxy: - build: ./proxy - restart: always - ports: - - 80:80 - - 443:443 - labels: - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" - volumes: - - certs:/etc/nginx/certs:ro - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/tmp/docker.sock:ro - networks: - - proxy-tier - - letsencrypt-companion: - image: jrcs/letsencrypt-nginx-proxy-companion - restart: always - volumes: - - certs:/etc/nginx/certs - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - proxy-tier - depends_on: - - proxy - -volumes: - db: - nextcloud: - certs: - vhost.d: - html: - -networks: - proxy-tier: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile deleted file mode 100644 index 242c84e1..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM jwilder/nginx-proxy:alpine - -COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf deleted file mode 100644 index 7e3906ec..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf +++ /dev/null @@ -1,2 +0,0 @@ -client_max_body_size 10G; -proxy_request_buffering off; diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile deleted file mode 100644 index 9e620aff..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nginx:alpine - -COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf deleted file mode 100644 index 36f591d4..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf +++ /dev/null @@ -1,173 +0,0 @@ -worker_processes auto; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 172.16.0.0/12; - set_real_ip_from 192.168.0.0/16; - real_ip_header X-Real-IP; - - #gzip on; - - upstream php-handler { - server app:9000; - } - - server { - listen 80; - - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. - #pagespeed off; - - location / { - rewrite ^ /index.php; - } - - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; - set $path_info $fastcgi_path_info; - try_files $fastcgi_script_name =404; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; - - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; - } - } -} diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml index 3b5121a6..0639e18e 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml @@ -12,6 +12,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:apache restart: always @@ -22,14 +26,26 @@ services: - LETSENCRYPT_HOST= - LETSENCRYPT_EMAIL= - MYSQL_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis networks: - proxy-tier - default + cron: + image: nextcloud:apache + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + proxy: build: ./proxy restart: always @@ -59,6 +75,21 @@ services: depends_on: - proxy +# self signed +# omgwtfssl: +# image: paulczar/omgwtfssl +# restart: "no" +# volumes: +# - certs:/certs +# environment: +# - SSL_SUBJECT=servhostname.local +# - CA_SUBJECT=my@example.com +# - SSL_KEY=/certs/servhostname.local.key +# - SSL_CSR=/certs/servhostname.local.csr +# - SSL_CERT=/certs/servhostname.local.crt +# networks: +# - proxy-tier + volumes: db: nextcloud: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml index 5fc70af1..b00761b6 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml @@ -12,6 +12,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:fpm-alpine restart: always @@ -19,10 +23,12 @@ services: - nextcloud:/var/www/html environment: - MYSQL_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis web: build: ./web @@ -39,6 +45,16 @@ services: - proxy-tier - default + cron: + image: nextcloud:fpm-alpine + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + proxy: build: ./proxy restart: always @@ -68,6 +84,21 @@ services: depends_on: - proxy +# self signed +# omgwtfssl: +# image: paulczar/omgwtfssl +# restart: "no" +# volumes: +# - certs:/certs +# environment: +# - SSL_SUBJECT=servhostname.local +# - CA_SUBJECT=my@example.com +# - SSL_KEY=/certs/servhostname.local.key +# - SSL_CSR=/certs/servhostname.local.csr +# - SSL_CERT=/certs/servhostname.local.crt +# networks: +# - proxy-tier + volumes: db: nextcloud: diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml index 2e40e8d7..7c481db2 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml @@ -9,6 +9,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:apache restart: always @@ -19,14 +23,26 @@ services: - LETSENCRYPT_HOST= - LETSENCRYPT_EMAIL= - POSTGRES_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis networks: - proxy-tier - default + cron: + image: nextcloud:apache + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + proxy: build: ./proxy restart: always @@ -56,6 +72,21 @@ services: depends_on: - proxy +# self signed +# omgwtfssl: +# image: paulczar/omgwtfssl +# restart: "no" +# volumes: +# - certs:/certs +# environment: +# - SSL_SUBJECT=servhostname.local +# - CA_SUBJECT=my@example.com +# - SSL_KEY=/certs/servhostname.local.key +# - SSL_CSR=/certs/servhostname.local.csr +# - SSL_CERT=/certs/servhostname.local.crt +# networks: +# - proxy-tier + volumes: db: nextcloud: diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml index 39e85f71..194d7a71 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml @@ -9,6 +9,10 @@ services: env_file: - db.env + redis: + image: redis:alpine + restart: always + app: image: nextcloud:fpm-alpine restart: always @@ -16,10 +20,12 @@ services: - nextcloud:/var/www/html environment: - POSTGRES_HOST=db + - REDIS_HOST=redis env_file: - db.env depends_on: - db + - redis web: build: ./web @@ -36,6 +42,16 @@ services: - proxy-tier - default + cron: + image: nextcloud:fpm-alpine + restart: always + volumes: + - nextcloud:/var/www/html + entrypoint: /cron.sh + depends_on: + - db + - redis + proxy: build: ./proxy restart: always @@ -65,6 +81,21 @@ services: depends_on: - proxy +# self signed +# omgwtfssl: +# image: paulczar/omgwtfssl +# restart: "no" +# volumes: +# - certs:/certs +# environment: +# - SSL_SUBJECT=servhostname.local +# - CA_SUBJECT=my@example.com +# - SSL_KEY=/certs/servhostname.local.key +# - SSL_CSR=/certs/servhostname.local.csr +# - SSL_CERT=/certs/servhostname.local.crt +# networks: +# - proxy-tier + volumes: db: nextcloud: From e8fc118c4076622e8e16b90acdb890f14f2f52c5 Mon Sep 17 00:00:00 2001 From: J0WI Date: Mon, 26 Apr 2021 18:28:48 +0000 Subject: [PATCH 05/26] Add issue template (#1485) --- .github/ISSUE_TEMPLATE/Image_issue.md | 12 ++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 7 +++++++ 2 files changed, 19 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/Image_issue.md create mode 100644 .github/ISSUE_TEMPLATE/config.yml diff --git a/.github/ISSUE_TEMPLATE/Image_issue.md b/.github/ISSUE_TEMPLATE/Image_issue.md new file mode 100644 index 00000000..9bdf737c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/Image_issue.md @@ -0,0 +1,12 @@ +--- +name: 🐛 Image issue +about: Issues related to the Nextcloud Docker image +--- + + diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..d9019ddb --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,7 @@ +contact_links: + - name: 🐳 Docker Support and Help + url: https://forums.docker.com/ + about: Configuration, installation, networking and other questions + - name: ❓ Nextcloud Support and Help + url: https://help.nextcloud.com/ + about: Configuration, webserver/proxy or performance issues and other questions From ac9316073cb3d68c1f6bc2cb6ec2ffc37b4273be Mon Sep 17 00:00:00 2001 From: J0WI Date: Mon, 26 Apr 2021 18:36:02 +0000 Subject: [PATCH 06/26] Add link for Nextcloud issues (#1486) --- .github/ISSUE_TEMPLATE/Image_issue.md | 2 +- .github/ISSUE_TEMPLATE/config.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/Image_issue.md b/.github/ISSUE_TEMPLATE/Image_issue.md index 9bdf737c..5ab4ad0b 100644 --- a/.github/ISSUE_TEMPLATE/Image_issue.md +++ b/.github/ISSUE_TEMPLATE/Image_issue.md @@ -6,7 +6,7 @@ about: Issues related to the Nextcloud Docker image diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index d9019ddb..5a3fc37e 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,4 +1,7 @@ contact_links: + - name: 🐛 Nextcloud issue + url: https://github.com/nextcloud/server/issues/new/choose + about: Bug reports and feature requests for Nextcloud - name: 🐳 Docker Support and Help url: https://forums.docker.com/ about: Configuration, installation, networking and other questions From 83bd162c7a5c4582cdf827d055531bf17a8eadb8 Mon Sep 17 00:00:00 2001 From: 0x47 <0x47@users.noreply.github.com> Date: Tue, 27 Apr 2021 17:01:39 +0200 Subject: [PATCH 07/26] Fix broken smtp.config.php file (#1482) The current `smtp.config.php` file does not work as advertised in the documentation. Both `MAIL_FROM_ADDRESS` and `MAIL_DOMAIN` should be optional as the Nextcloud instance may use multiple _from addresses_ like no-reply@example.com or passwordreset-no-reply@example.com (or similar). It may also just use the domain name from the instance instead of a configured one. I tested this PR on NC 21 as I don't have access to the previous versions at the moment. I propose to leave NC 19 annd 20 as they are and to continue with this `smtp.config.php` from version 21 forward. Signed-off-by: 0x47 <0x47@users.noreply.github.com> --- 21.0/fpm-alpine/config/smtp.config.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/21.0/fpm-alpine/config/smtp.config.php b/21.0/fpm-alpine/config/smtp.config.php index 59f1eaa1..4bdf2c9a 100644 --- a/21.0/fpm-alpine/config/smtp.config.php +++ b/21.0/fpm-alpine/config/smtp.config.php @@ -1,5 +1,5 @@ 'smtp', 'mail_smtphost' => getenv('SMTP_HOST'), @@ -9,7 +9,11 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), ); + if (getenv('MAIL_FROM_ADDRESS')) { + $CONFIG['mail_from_address'] = getenv('MAIL_FROM_ADDRESS'); + } + if (getenv('MAIL_DOMAIN')) { + $CONFIG['mail_domain'] = getenv('MAIL_DOMAIN'); + } } From f0ca2b56e8acb9ea719777e0c08420eaa166264a Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Tue, 27 Apr 2021 15:02:03 +0000 Subject: [PATCH 08/26] Runs update.sh --- 21.0/fpm-alpine/config/smtp.config.php | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/21.0/fpm-alpine/config/smtp.config.php b/21.0/fpm-alpine/config/smtp.config.php index 4bdf2c9a..59f1eaa1 100644 --- a/21.0/fpm-alpine/config/smtp.config.php +++ b/21.0/fpm-alpine/config/smtp.config.php @@ -1,5 +1,5 @@ 'smtp', 'mail_smtphost' => getenv('SMTP_HOST'), @@ -9,11 +9,7 @@ if (getenv('SMTP_HOST')) { 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', + 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), + 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('MAIL_FROM_ADDRESS')) { - $CONFIG['mail_from_address'] = getenv('MAIL_FROM_ADDRESS'); - } - if (getenv('MAIL_DOMAIN')) { - $CONFIG['mail_domain'] = getenv('MAIL_DOMAIN'); - } } From def2eeae13aa576876bfeed979c8b31888331f2c Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 28 Apr 2021 14:57:30 +0000 Subject: [PATCH 09/26] typo --- .../docker-compose/insecure/postgres/fpm/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml index 577dff94..6f63f33c 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml @@ -38,7 +38,7 @@ services: - app cron: - image: nextcloud:8fpm-alpine + image: nextcloud:fpm-alpine restart: always volumes: - nextcloud:/var/www/html From 7cc3dcac758cd2ab0ec0e6d7fc9d701606c60af8 Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Fri, 21 May 2021 00:27:27 +0000 Subject: [PATCH 10/26] Runs update.sh --- 20.0/apache/Dockerfile | 2 +- 20.0/fpm-alpine/Dockerfile | 2 +- 20.0/fpm/Dockerfile | 2 +- 21.0/apache/Dockerfile | 2 +- 21.0/fpm-alpine/Dockerfile | 2 +- 21.0/fpm/Dockerfile | 2 +- latest.txt | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/20.0/apache/Dockerfile b/20.0/apache/Dockerfile index 597a2e18..66ae5c3e 100644 --- a/20.0/apache/Dockerfile +++ b/20.0/apache/Dockerfile @@ -121,7 +121,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 20.0.9 +ENV NEXTCLOUD_VERSION 20.0.10 RUN set -ex; \ fetchDeps=" \ diff --git a/20.0/fpm-alpine/Dockerfile b/20.0/fpm-alpine/Dockerfile index 69b7bab0..82a9bdf5 100644 --- a/20.0/fpm-alpine/Dockerfile +++ b/20.0/fpm-alpine/Dockerfile @@ -102,7 +102,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 20.0.9 +ENV NEXTCLOUD_VERSION 20.0.10 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/20.0/fpm/Dockerfile b/20.0/fpm/Dockerfile index aacd976a..bcb7e34e 100644 --- a/20.0/fpm/Dockerfile +++ b/20.0/fpm/Dockerfile @@ -113,7 +113,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 20.0.9 +ENV NEXTCLOUD_VERSION 20.0.10 RUN set -ex; \ fetchDeps=" \ diff --git a/21.0/apache/Dockerfile b/21.0/apache/Dockerfile index 4f68879a..48d556c7 100644 --- a/21.0/apache/Dockerfile +++ b/21.0/apache/Dockerfile @@ -121,7 +121,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 21.0.1 +ENV NEXTCLOUD_VERSION 21.0.2 RUN set -ex; \ fetchDeps=" \ diff --git a/21.0/fpm-alpine/Dockerfile b/21.0/fpm-alpine/Dockerfile index 2bcdbb04..bdde9ee3 100644 --- a/21.0/fpm-alpine/Dockerfile +++ b/21.0/fpm-alpine/Dockerfile @@ -102,7 +102,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 21.0.1 +ENV NEXTCLOUD_VERSION 21.0.2 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/21.0/fpm/Dockerfile b/21.0/fpm/Dockerfile index e3c00ff0..7d398529 100644 --- a/21.0/fpm/Dockerfile +++ b/21.0/fpm/Dockerfile @@ -113,7 +113,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 21.0.1 +ENV NEXTCLOUD_VERSION 21.0.2 RUN set -ex; \ fetchDeps=" \ diff --git a/latest.txt b/latest.txt index a8f5438c..80645cbd 100644 --- a/latest.txt +++ b/latest.txt @@ -1 +1 @@ -21.0.1 +21.0.2 From 3cd32ef5bb45631c9d91983fe091cf4b600e3ea8 Mon Sep 17 00:00:00 2001 From: Thomas131 Date: Fri, 21 May 2021 14:08:13 +0200 Subject: [PATCH 11/26] Push stable channel to 20.0.10 (#1498) Signed-off-by: Thomas131 --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index fa813f51..b4a8d420 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,7 +1,7 @@ #!/bin/bash set -Eeuo pipefail -stable_channel='20.0.9' +stable_channel='20.0.10' self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" From 05026b029d37fc5cd488d4a4a2a79480e39841ba Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Fri, 21 May 2021 12:08:35 +0000 Subject: [PATCH 12/26] Runs update.sh --- 19.0/apache/Dockerfile | 2 +- 19.0/fpm-alpine/Dockerfile | 2 +- 19.0/fpm/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/19.0/apache/Dockerfile b/19.0/apache/Dockerfile index 977e56cb..16bccf0a 100644 --- a/19.0/apache/Dockerfile +++ b/19.0/apache/Dockerfile @@ -121,7 +121,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 19.0.10 +ENV NEXTCLOUD_VERSION 19.0.12 RUN set -ex; \ fetchDeps=" \ diff --git a/19.0/fpm-alpine/Dockerfile b/19.0/fpm-alpine/Dockerfile index 90bbe110..a3619d6d 100644 --- a/19.0/fpm-alpine/Dockerfile +++ b/19.0/fpm-alpine/Dockerfile @@ -102,7 +102,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 19.0.10 +ENV NEXTCLOUD_VERSION 19.0.12 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/19.0/fpm/Dockerfile b/19.0/fpm/Dockerfile index fe3596f9..43ddc211 100644 --- a/19.0/fpm/Dockerfile +++ b/19.0/fpm/Dockerfile @@ -113,7 +113,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 19.0.10 +ENV NEXTCLOUD_VERSION 19.0.12 RUN set -ex; \ fetchDeps=" \ From 80171fb7c9b5cc488ed1512eda720fd266561b04 Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Fri, 18 Jun 2021 00:27:13 +0000 Subject: [PATCH 13/26] Runs update.sh --- 19.0/apache/Dockerfile | 2 +- 19.0/fpm-alpine/Dockerfile | 2 +- 19.0/fpm/Dockerfile | 2 +- 20.0/apache/Dockerfile | 2 +- 20.0/fpm-alpine/Dockerfile | 2 +- 20.0/fpm/Dockerfile | 2 +- 21.0/apache/Dockerfile | 2 +- 21.0/fpm-alpine/Dockerfile | 2 +- 21.0/fpm/Dockerfile | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/19.0/apache/Dockerfile b/19.0/apache/Dockerfile index 16bccf0a..31254238 100644 --- a/19.0/apache/Dockerfile +++ b/19.0/apache/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ + pecl install imagick-3.5.0; \ \ docker-php-ext-enable \ apcu \ diff --git a/19.0/fpm-alpine/Dockerfile b/19.0/fpm-alpine/Dockerfile index a3619d6d..17c8183d 100644 --- a/19.0/fpm-alpine/Dockerfile +++ b/19.0/fpm-alpine/Dockerfile @@ -55,7 +55,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ + pecl install imagick-3.5.0; \ \ docker-php-ext-enable \ apcu \ diff --git a/19.0/fpm/Dockerfile b/19.0/fpm/Dockerfile index 43ddc211..105c955d 100644 --- a/19.0/fpm/Dockerfile +++ b/19.0/fpm/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ + pecl install imagick-3.5.0; \ \ docker-php-ext-enable \ apcu \ diff --git a/20.0/apache/Dockerfile b/20.0/apache/Dockerfile index 66ae5c3e..8d0361a5 100644 --- a/20.0/apache/Dockerfile +++ b/20.0/apache/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ + pecl install imagick-3.5.0; \ \ docker-php-ext-enable \ apcu \ diff --git a/20.0/fpm-alpine/Dockerfile b/20.0/fpm-alpine/Dockerfile index 82a9bdf5..889c2520 100644 --- a/20.0/fpm-alpine/Dockerfile +++ b/20.0/fpm-alpine/Dockerfile @@ -55,7 +55,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ + pecl install imagick-3.5.0; \ \ docker-php-ext-enable \ apcu \ diff --git a/20.0/fpm/Dockerfile b/20.0/fpm/Dockerfile index bcb7e34e..8ff5bede 100644 --- a/20.0/fpm/Dockerfile +++ b/20.0/fpm/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ + pecl install imagick-3.5.0; \ \ docker-php-ext-enable \ apcu \ diff --git a/21.0/apache/Dockerfile b/21.0/apache/Dockerfile index 48d556c7..707fb7d0 100644 --- a/21.0/apache/Dockerfile +++ b/21.0/apache/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ + pecl install imagick-3.5.0; \ \ docker-php-ext-enable \ apcu \ diff --git a/21.0/fpm-alpine/Dockerfile b/21.0/fpm-alpine/Dockerfile index bdde9ee3..a9f1a29a 100644 --- a/21.0/fpm-alpine/Dockerfile +++ b/21.0/fpm-alpine/Dockerfile @@ -55,7 +55,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ + pecl install imagick-3.5.0; \ \ docker-php-ext-enable \ apcu \ diff --git a/21.0/fpm/Dockerfile b/21.0/fpm/Dockerfile index 7d398529..4f711184 100644 --- a/21.0/fpm/Dockerfile +++ b/21.0/fpm/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.4.4; \ + pecl install imagick-3.5.0; \ \ docker-php-ext-enable \ apcu \ From a92ea907312ac6d072b36fa76d11b6c9b5a4b8e6 Mon Sep 17 00:00:00 2001 From: J0WI Date: Sun, 27 Jun 2021 15:14:11 +0000 Subject: [PATCH 14/26] Update nginx.conf (#1517) https://github.com/nextcloud/documentation/blob/master/admin_manual/installation/nginx-root.conf.sample Signed-off-by: J0WI --- .../insecure/mariadb/fpm/web/nginx.conf | 181 +++++++++-------- .../insecure/postgres/fpm/web/nginx.conf | 181 +++++++++-------- .../mariadb/fpm/web/nginx.conf | 186 +++++++++--------- .../postgres/fpm/web/nginx.conf | 186 +++++++++--------- 4 files changed, 360 insertions(+), 374 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf index 62095270..ef8229c1 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf @@ -33,55 +33,16 @@ http { server { listen 80; - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # + # HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # set max upload size - client_max_body_size 10G; + client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers @@ -92,77 +53,115 @@ http { gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; - location / { - rewrite ^ /index.php; + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } } - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; } - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; + #fastcgi_param HTTPS on; - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass php-handler; + fastcgi_intercept_errors on; fastcgi_request_buffering off; } - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + location ~ \.woff2?$ { try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; } } } diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf index 62095270..ef8229c1 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf @@ -33,55 +33,16 @@ http { server { listen 80; - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # + # HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host:$server_port/remote.php/dav; - } + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # set max upload size - client_max_body_size 10G; + client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers @@ -92,77 +53,115 @@ http { gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; - location / { - rewrite ^ /index.php; + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } } - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; } - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; + #fastcgi_param HTTPS on; - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass php-handler; + fastcgi_intercept_errors on; fastcgi_request_buffering off; } - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + location ~ \.woff2?$ { try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; } } } diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf index 36f591d4..ef8229c1 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -24,11 +24,6 @@ http { keepalive_timeout 65; - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 172.16.0.0/12; - set_real_ip_from 192.168.0.0/16; - real_ip_header X-Real-IP; - #gzip on; upstream php-handler { @@ -38,55 +33,16 @@ http { server { listen 80; - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # + # HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # set max upload size - client_max_body_size 10G; + client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers @@ -97,77 +53,115 @@ http { gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; - location / { - rewrite ^ /index.php; + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } } - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; } - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; + #fastcgi_param HTTPS on; - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass php-handler; + fastcgi_intercept_errors on; fastcgi_request_buffering off; } - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + location ~ \.woff2?$ { try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; } } } diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf index 36f591d4..ef8229c1 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -24,11 +24,6 @@ http { keepalive_timeout 65; - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 172.16.0.0/12; - set_real_ip_from 192.168.0.0/16; - real_ip_header X-Real-IP; - #gzip on; upstream php-handler { @@ -38,55 +33,16 @@ http { server { listen 80; - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # + # HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - # The following rule is only needed for the Social app. - # Uncomment it if you're planning to use this app. - #rewrite ^/.well-known/webfinger /public.php?service=webfinger last; - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # set max upload size - client_max_body_size 10G; + client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers @@ -97,77 +53,115 @@ http { gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; - location / { - rewrite ^ /index.php; + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } } - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; } - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; - # fastcgi_param HTTPS on; + #fastcgi_param HTTPS on; - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - - # Enable pretty urls - fastcgi_param front_controller_active true; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass php-handler; + fastcgi_intercept_errors on; fastcgi_request_buffering off; } - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - # Adding the cache control header for js, css and map files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + location ~ \.woff2?$ { try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Optional: Don't log access to assets - access_log off; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - # Optional: Don't log access to other assets - access_log off; + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; } } } From 62a46a6c4d33a76ee0b4d38ebad8624548e79215 Mon Sep 17 00:00:00 2001 From: J0WI Date: Sun, 27 Jun 2021 15:23:11 +0000 Subject: [PATCH 15/26] Alpine 3.14 (#1521) * Update keyserver https://github.com/docker-library/faq/pull/23 * Alpine 3.14 --- 19.0/apache/Dockerfile | 2 +- 19.0/fpm-alpine/Dockerfile | 4 ++-- 19.0/fpm/Dockerfile | 2 +- 20.0/apache/Dockerfile | 2 +- 20.0/fpm-alpine/Dockerfile | 4 ++-- 20.0/fpm/Dockerfile | 2 +- 21.0/apache/Dockerfile | 2 +- 21.0/fpm-alpine/Dockerfile | 4 ++-- 21.0/fpm/Dockerfile | 2 +- Dockerfile-alpine.template | 4 ++-- Dockerfile-debian.template | 2 +- 11 files changed, 15 insertions(+), 15 deletions(-) diff --git a/19.0/apache/Dockerfile b/19.0/apache/Dockerfile index 31254238..38adc040 100644 --- a/19.0/apache/Dockerfile +++ b/19.0/apache/Dockerfile @@ -137,7 +137,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/19.0/fpm-alpine/Dockerfile b/19.0/fpm-alpine/Dockerfile index 17c8183d..5fae7a79 100644 --- a/19.0/fpm-alpine/Dockerfile +++ b/19.0/fpm-alpine/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 +FROM php:7.4-fpm-alpine3.14 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -116,7 +116,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/19.0/fpm/Dockerfile b/19.0/fpm/Dockerfile index 105c955d..382afc38 100644 --- a/19.0/fpm/Dockerfile +++ b/19.0/fpm/Dockerfile @@ -129,7 +129,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/20.0/apache/Dockerfile b/20.0/apache/Dockerfile index 8d0361a5..a7d8fb4a 100644 --- a/20.0/apache/Dockerfile +++ b/20.0/apache/Dockerfile @@ -137,7 +137,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/20.0/fpm-alpine/Dockerfile b/20.0/fpm-alpine/Dockerfile index 889c2520..e241c5b9 100644 --- a/20.0/fpm-alpine/Dockerfile +++ b/20.0/fpm-alpine/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 +FROM php:7.4-fpm-alpine3.14 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -116,7 +116,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/20.0/fpm/Dockerfile b/20.0/fpm/Dockerfile index 8ff5bede..0b882b13 100644 --- a/20.0/fpm/Dockerfile +++ b/20.0/fpm/Dockerfile @@ -129,7 +129,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/21.0/apache/Dockerfile b/21.0/apache/Dockerfile index 707fb7d0..358281e9 100644 --- a/21.0/apache/Dockerfile +++ b/21.0/apache/Dockerfile @@ -137,7 +137,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/21.0/fpm-alpine/Dockerfile b/21.0/fpm-alpine/Dockerfile index a9f1a29a..1ac82734 100644 --- a/21.0/fpm-alpine/Dockerfile +++ b/21.0/fpm-alpine/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:7.4-fpm-alpine3.13 +FROM php:7.4-fpm-alpine3.14 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -116,7 +116,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/21.0/fpm/Dockerfile b/21.0/fpm/Dockerfile index 4f711184..8acd3c7e 100644 --- a/21.0/fpm/Dockerfile +++ b/21.0/fpm/Dockerfile @@ -129,7 +129,7 @@ RUN set -ex; \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 784de608..4d05f14d 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,4 @@ -FROM php:%%PHP_VERSION%%-%%VARIANT%%3.13 +FROM php:%%PHP_VERSION%%-%%VARIANT%%3.14 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -115,7 +115,7 @@ RUN set -ex; \ "%%BASE_DOWNLOAD_URL%%/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index a4721361..5d0a4812 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -130,7 +130,7 @@ RUN set -ex; \ "%%BASE_DOWNLOAD_URL%%/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ gpgconf --kill all; \ From de10af6ed1fc7336d07d628584b6f50123f2b4ca Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Fri, 2 Jul 2021 00:26:31 +0000 Subject: [PATCH 16/26] Runs update.sh --- 19.0/apache/Dockerfile | 2 +- 19.0/fpm-alpine/Dockerfile | 2 +- 19.0/fpm/Dockerfile | 2 +- 20.0/apache/Dockerfile | 2 +- 20.0/fpm-alpine/Dockerfile | 2 +- 20.0/fpm/Dockerfile | 2 +- 21.0/apache/Dockerfile | 2 +- 21.0/fpm-alpine/Dockerfile | 2 +- 21.0/fpm/Dockerfile | 2 +- latest.txt | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/19.0/apache/Dockerfile b/19.0/apache/Dockerfile index 38adc040..b79224cb 100644 --- a/19.0/apache/Dockerfile +++ b/19.0/apache/Dockerfile @@ -121,7 +121,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 19.0.12 +ENV NEXTCLOUD_VERSION 19.0.13 RUN set -ex; \ fetchDeps=" \ diff --git a/19.0/fpm-alpine/Dockerfile b/19.0/fpm-alpine/Dockerfile index 5fae7a79..a45e6367 100644 --- a/19.0/fpm-alpine/Dockerfile +++ b/19.0/fpm-alpine/Dockerfile @@ -102,7 +102,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 19.0.12 +ENV NEXTCLOUD_VERSION 19.0.13 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/19.0/fpm/Dockerfile b/19.0/fpm/Dockerfile index 382afc38..a9c22c60 100644 --- a/19.0/fpm/Dockerfile +++ b/19.0/fpm/Dockerfile @@ -113,7 +113,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 19.0.12 +ENV NEXTCLOUD_VERSION 19.0.13 RUN set -ex; \ fetchDeps=" \ diff --git a/20.0/apache/Dockerfile b/20.0/apache/Dockerfile index a7d8fb4a..506dc35e 100644 --- a/20.0/apache/Dockerfile +++ b/20.0/apache/Dockerfile @@ -121,7 +121,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 20.0.10 +ENV NEXTCLOUD_VERSION 20.0.11 RUN set -ex; \ fetchDeps=" \ diff --git a/20.0/fpm-alpine/Dockerfile b/20.0/fpm-alpine/Dockerfile index e241c5b9..1360d13a 100644 --- a/20.0/fpm-alpine/Dockerfile +++ b/20.0/fpm-alpine/Dockerfile @@ -102,7 +102,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 20.0.10 +ENV NEXTCLOUD_VERSION 20.0.11 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/20.0/fpm/Dockerfile b/20.0/fpm/Dockerfile index 0b882b13..78251e78 100644 --- a/20.0/fpm/Dockerfile +++ b/20.0/fpm/Dockerfile @@ -113,7 +113,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 20.0.10 +ENV NEXTCLOUD_VERSION 20.0.11 RUN set -ex; \ fetchDeps=" \ diff --git a/21.0/apache/Dockerfile b/21.0/apache/Dockerfile index 358281e9..cbabaf92 100644 --- a/21.0/apache/Dockerfile +++ b/21.0/apache/Dockerfile @@ -121,7 +121,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 21.0.2 +ENV NEXTCLOUD_VERSION 21.0.3 RUN set -ex; \ fetchDeps=" \ diff --git a/21.0/fpm-alpine/Dockerfile b/21.0/fpm-alpine/Dockerfile index 1ac82734..9878136a 100644 --- a/21.0/fpm-alpine/Dockerfile +++ b/21.0/fpm-alpine/Dockerfile @@ -102,7 +102,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 21.0.2 +ENV NEXTCLOUD_VERSION 21.0.3 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/21.0/fpm/Dockerfile b/21.0/fpm/Dockerfile index 8acd3c7e..a009f46d 100644 --- a/21.0/fpm/Dockerfile +++ b/21.0/fpm/Dockerfile @@ -113,7 +113,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 21.0.2 +ENV NEXTCLOUD_VERSION 21.0.3 RUN set -ex; \ fetchDeps=" \ diff --git a/latest.txt b/latest.txt index 80645cbd..dc5d633c 100644 --- a/latest.txt +++ b/latest.txt @@ -1 +1 @@ -21.0.2 +21.0.3 From 043777ae8d924e96a371c6dab453db4a90996b56 Mon Sep 17 00:00:00 2001 From: J0WI Date: Fri, 2 Jul 2021 00:29:53 +0000 Subject: [PATCH 17/26] Update stable to 20.0.11 (#1525) Signed-off-by: J0WI --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index b4a8d420..1a0f5acb 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,7 +1,7 @@ #!/bin/bash set -Eeuo pipefail -stable_channel='20.0.10' +stable_channel='20.0.11' self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" From 9c6af73a768dbe48fd0cfa9434ff46042b9573d3 Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 6 Jul 2021 17:50:40 +0000 Subject: [PATCH 18/26] 19 EOL --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index f25ae7a3..f2382f2f 100755 --- a/update.sh +++ b/update.sh @@ -76,7 +76,7 @@ variants=( fpm-alpine ) -min_version='19.0' +min_version='20.0' # version_greater_or_equal A B returns whether A >= B function version_greater_or_equal() { From b6b9499252cd572f3bb903f2cb04d36ea880573f Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Tue, 6 Jul 2021 17:51:01 +0000 Subject: [PATCH 19/26] Runs update.sh --- {19.0 => 22.0}/apache/Dockerfile | 2 +- {19.0 => 22.0}/apache/config/apache-pretty-urls.config.php | 0 {19.0 => 22.0}/apache/config/apcu.config.php | 0 {19.0 => 22.0}/apache/config/apps.config.php | 0 {19.0 => 22.0}/apache/config/autoconfig.php | 0 {19.0 => 22.0}/apache/config/redis.config.php | 0 {19.0 => 22.0}/apache/config/reverse-proxy.config.php | 0 {19.0 => 22.0}/apache/config/s3.config.php | 0 {19.0 => 22.0}/apache/config/smtp.config.php | 0 {19.0 => 22.0}/apache/config/swift.config.php | 0 {19.0 => 22.0}/apache/cron.sh | 0 {19.0 => 22.0}/apache/entrypoint.sh | 0 {19.0 => 22.0}/apache/upgrade.exclude | 0 {19.0 => 22.0}/fpm-alpine/Dockerfile | 2 +- {19.0 => 22.0}/fpm-alpine/config/apcu.config.php | 0 {19.0 => 22.0}/fpm-alpine/config/apps.config.php | 0 {19.0 => 22.0}/fpm-alpine/config/autoconfig.php | 0 {19.0 => 22.0}/fpm-alpine/config/redis.config.php | 0 {19.0 => 22.0}/fpm-alpine/config/reverse-proxy.config.php | 0 {19.0 => 22.0}/fpm-alpine/config/s3.config.php | 0 {19.0 => 22.0}/fpm-alpine/config/smtp.config.php | 0 {19.0 => 22.0}/fpm-alpine/config/swift.config.php | 0 {19.0 => 22.0}/fpm-alpine/cron.sh | 0 {19.0 => 22.0}/fpm-alpine/entrypoint.sh | 0 {19.0 => 22.0}/fpm-alpine/upgrade.exclude | 0 {19.0 => 22.0}/fpm/Dockerfile | 2 +- {19.0 => 22.0}/fpm/config/apcu.config.php | 0 {19.0 => 22.0}/fpm/config/apps.config.php | 0 {19.0 => 22.0}/fpm/config/autoconfig.php | 0 {19.0 => 22.0}/fpm/config/redis.config.php | 0 {19.0 => 22.0}/fpm/config/reverse-proxy.config.php | 0 {19.0 => 22.0}/fpm/config/s3.config.php | 0 {19.0 => 22.0}/fpm/config/smtp.config.php | 0 {19.0 => 22.0}/fpm/config/swift.config.php | 0 {19.0 => 22.0}/fpm/cron.sh | 0 {19.0 => 22.0}/fpm/entrypoint.sh | 0 {19.0 => 22.0}/fpm/upgrade.exclude | 0 latest.txt | 2 +- 38 files changed, 4 insertions(+), 4 deletions(-) rename {19.0 => 22.0}/apache/Dockerfile (99%) rename {19.0 => 22.0}/apache/config/apache-pretty-urls.config.php (100%) rename {19.0 => 22.0}/apache/config/apcu.config.php (100%) rename {19.0 => 22.0}/apache/config/apps.config.php (100%) rename {19.0 => 22.0}/apache/config/autoconfig.php (100%) rename {19.0 => 22.0}/apache/config/redis.config.php (100%) rename {19.0 => 22.0}/apache/config/reverse-proxy.config.php (100%) rename {19.0 => 22.0}/apache/config/s3.config.php (100%) rename {19.0 => 22.0}/apache/config/smtp.config.php (100%) rename {19.0 => 22.0}/apache/config/swift.config.php (100%) rename {19.0 => 22.0}/apache/cron.sh (100%) rename {19.0 => 22.0}/apache/entrypoint.sh (100%) rename {19.0 => 22.0}/apache/upgrade.exclude (100%) rename {19.0 => 22.0}/fpm-alpine/Dockerfile (99%) rename {19.0 => 22.0}/fpm-alpine/config/apcu.config.php (100%) rename {19.0 => 22.0}/fpm-alpine/config/apps.config.php (100%) rename {19.0 => 22.0}/fpm-alpine/config/autoconfig.php (100%) rename {19.0 => 22.0}/fpm-alpine/config/redis.config.php (100%) rename {19.0 => 22.0}/fpm-alpine/config/reverse-proxy.config.php (100%) rename {19.0 => 22.0}/fpm-alpine/config/s3.config.php (100%) rename {19.0 => 22.0}/fpm-alpine/config/smtp.config.php (100%) rename {19.0 => 22.0}/fpm-alpine/config/swift.config.php (100%) rename {19.0 => 22.0}/fpm-alpine/cron.sh (100%) rename {19.0 => 22.0}/fpm-alpine/entrypoint.sh (100%) rename {19.0 => 22.0}/fpm-alpine/upgrade.exclude (100%) rename {19.0 => 22.0}/fpm/Dockerfile (99%) rename {19.0 => 22.0}/fpm/config/apcu.config.php (100%) rename {19.0 => 22.0}/fpm/config/apps.config.php (100%) rename {19.0 => 22.0}/fpm/config/autoconfig.php (100%) rename {19.0 => 22.0}/fpm/config/redis.config.php (100%) rename {19.0 => 22.0}/fpm/config/reverse-proxy.config.php (100%) rename {19.0 => 22.0}/fpm/config/s3.config.php (100%) rename {19.0 => 22.0}/fpm/config/smtp.config.php (100%) rename {19.0 => 22.0}/fpm/config/swift.config.php (100%) rename {19.0 => 22.0}/fpm/cron.sh (100%) rename {19.0 => 22.0}/fpm/entrypoint.sh (100%) rename {19.0 => 22.0}/fpm/upgrade.exclude (100%) diff --git a/19.0/apache/Dockerfile b/22.0/apache/Dockerfile similarity index 99% rename from 19.0/apache/Dockerfile rename to 22.0/apache/Dockerfile index b79224cb..3712a5cc 100644 --- a/19.0/apache/Dockerfile +++ b/22.0/apache/Dockerfile @@ -121,7 +121,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 19.0.13 +ENV NEXTCLOUD_VERSION 22.0.0 RUN set -ex; \ fetchDeps=" \ diff --git a/19.0/apache/config/apache-pretty-urls.config.php b/22.0/apache/config/apache-pretty-urls.config.php similarity index 100% rename from 19.0/apache/config/apache-pretty-urls.config.php rename to 22.0/apache/config/apache-pretty-urls.config.php diff --git a/19.0/apache/config/apcu.config.php b/22.0/apache/config/apcu.config.php similarity index 100% rename from 19.0/apache/config/apcu.config.php rename to 22.0/apache/config/apcu.config.php diff --git a/19.0/apache/config/apps.config.php b/22.0/apache/config/apps.config.php similarity index 100% rename from 19.0/apache/config/apps.config.php rename to 22.0/apache/config/apps.config.php diff --git a/19.0/apache/config/autoconfig.php b/22.0/apache/config/autoconfig.php similarity index 100% rename from 19.0/apache/config/autoconfig.php rename to 22.0/apache/config/autoconfig.php diff --git a/19.0/apache/config/redis.config.php b/22.0/apache/config/redis.config.php similarity index 100% rename from 19.0/apache/config/redis.config.php rename to 22.0/apache/config/redis.config.php diff --git a/19.0/apache/config/reverse-proxy.config.php b/22.0/apache/config/reverse-proxy.config.php similarity index 100% rename from 19.0/apache/config/reverse-proxy.config.php rename to 22.0/apache/config/reverse-proxy.config.php diff --git a/19.0/apache/config/s3.config.php b/22.0/apache/config/s3.config.php similarity index 100% rename from 19.0/apache/config/s3.config.php rename to 22.0/apache/config/s3.config.php diff --git a/19.0/apache/config/smtp.config.php b/22.0/apache/config/smtp.config.php similarity index 100% rename from 19.0/apache/config/smtp.config.php rename to 22.0/apache/config/smtp.config.php diff --git a/19.0/apache/config/swift.config.php b/22.0/apache/config/swift.config.php similarity index 100% rename from 19.0/apache/config/swift.config.php rename to 22.0/apache/config/swift.config.php diff --git a/19.0/apache/cron.sh b/22.0/apache/cron.sh similarity index 100% rename from 19.0/apache/cron.sh rename to 22.0/apache/cron.sh diff --git a/19.0/apache/entrypoint.sh b/22.0/apache/entrypoint.sh similarity index 100% rename from 19.0/apache/entrypoint.sh rename to 22.0/apache/entrypoint.sh diff --git a/19.0/apache/upgrade.exclude b/22.0/apache/upgrade.exclude similarity index 100% rename from 19.0/apache/upgrade.exclude rename to 22.0/apache/upgrade.exclude diff --git a/19.0/fpm-alpine/Dockerfile b/22.0/fpm-alpine/Dockerfile similarity index 99% rename from 19.0/fpm-alpine/Dockerfile rename to 22.0/fpm-alpine/Dockerfile index a45e6367..275c8751 100644 --- a/19.0/fpm-alpine/Dockerfile +++ b/22.0/fpm-alpine/Dockerfile @@ -102,7 +102,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 19.0.13 +ENV NEXTCLOUD_VERSION 22.0.0 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/19.0/fpm-alpine/config/apcu.config.php b/22.0/fpm-alpine/config/apcu.config.php similarity index 100% rename from 19.0/fpm-alpine/config/apcu.config.php rename to 22.0/fpm-alpine/config/apcu.config.php diff --git a/19.0/fpm-alpine/config/apps.config.php b/22.0/fpm-alpine/config/apps.config.php similarity index 100% rename from 19.0/fpm-alpine/config/apps.config.php rename to 22.0/fpm-alpine/config/apps.config.php diff --git a/19.0/fpm-alpine/config/autoconfig.php b/22.0/fpm-alpine/config/autoconfig.php similarity index 100% rename from 19.0/fpm-alpine/config/autoconfig.php rename to 22.0/fpm-alpine/config/autoconfig.php diff --git a/19.0/fpm-alpine/config/redis.config.php b/22.0/fpm-alpine/config/redis.config.php similarity index 100% rename from 19.0/fpm-alpine/config/redis.config.php rename to 22.0/fpm-alpine/config/redis.config.php diff --git a/19.0/fpm-alpine/config/reverse-proxy.config.php b/22.0/fpm-alpine/config/reverse-proxy.config.php similarity index 100% rename from 19.0/fpm-alpine/config/reverse-proxy.config.php rename to 22.0/fpm-alpine/config/reverse-proxy.config.php diff --git a/19.0/fpm-alpine/config/s3.config.php b/22.0/fpm-alpine/config/s3.config.php similarity index 100% rename from 19.0/fpm-alpine/config/s3.config.php rename to 22.0/fpm-alpine/config/s3.config.php diff --git a/19.0/fpm-alpine/config/smtp.config.php b/22.0/fpm-alpine/config/smtp.config.php similarity index 100% rename from 19.0/fpm-alpine/config/smtp.config.php rename to 22.0/fpm-alpine/config/smtp.config.php diff --git a/19.0/fpm-alpine/config/swift.config.php b/22.0/fpm-alpine/config/swift.config.php similarity index 100% rename from 19.0/fpm-alpine/config/swift.config.php rename to 22.0/fpm-alpine/config/swift.config.php diff --git a/19.0/fpm-alpine/cron.sh b/22.0/fpm-alpine/cron.sh similarity index 100% rename from 19.0/fpm-alpine/cron.sh rename to 22.0/fpm-alpine/cron.sh diff --git a/19.0/fpm-alpine/entrypoint.sh b/22.0/fpm-alpine/entrypoint.sh similarity index 100% rename from 19.0/fpm-alpine/entrypoint.sh rename to 22.0/fpm-alpine/entrypoint.sh diff --git a/19.0/fpm-alpine/upgrade.exclude b/22.0/fpm-alpine/upgrade.exclude similarity index 100% rename from 19.0/fpm-alpine/upgrade.exclude rename to 22.0/fpm-alpine/upgrade.exclude diff --git a/19.0/fpm/Dockerfile b/22.0/fpm/Dockerfile similarity index 99% rename from 19.0/fpm/Dockerfile rename to 22.0/fpm/Dockerfile index a9c22c60..a6123832 100644 --- a/19.0/fpm/Dockerfile +++ b/22.0/fpm/Dockerfile @@ -113,7 +113,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 19.0.13 +ENV NEXTCLOUD_VERSION 22.0.0 RUN set -ex; \ fetchDeps=" \ diff --git a/19.0/fpm/config/apcu.config.php b/22.0/fpm/config/apcu.config.php similarity index 100% rename from 19.0/fpm/config/apcu.config.php rename to 22.0/fpm/config/apcu.config.php diff --git a/19.0/fpm/config/apps.config.php b/22.0/fpm/config/apps.config.php similarity index 100% rename from 19.0/fpm/config/apps.config.php rename to 22.0/fpm/config/apps.config.php diff --git a/19.0/fpm/config/autoconfig.php b/22.0/fpm/config/autoconfig.php similarity index 100% rename from 19.0/fpm/config/autoconfig.php rename to 22.0/fpm/config/autoconfig.php diff --git a/19.0/fpm/config/redis.config.php b/22.0/fpm/config/redis.config.php similarity index 100% rename from 19.0/fpm/config/redis.config.php rename to 22.0/fpm/config/redis.config.php diff --git a/19.0/fpm/config/reverse-proxy.config.php b/22.0/fpm/config/reverse-proxy.config.php similarity index 100% rename from 19.0/fpm/config/reverse-proxy.config.php rename to 22.0/fpm/config/reverse-proxy.config.php diff --git a/19.0/fpm/config/s3.config.php b/22.0/fpm/config/s3.config.php similarity index 100% rename from 19.0/fpm/config/s3.config.php rename to 22.0/fpm/config/s3.config.php diff --git a/19.0/fpm/config/smtp.config.php b/22.0/fpm/config/smtp.config.php similarity index 100% rename from 19.0/fpm/config/smtp.config.php rename to 22.0/fpm/config/smtp.config.php diff --git a/19.0/fpm/config/swift.config.php b/22.0/fpm/config/swift.config.php similarity index 100% rename from 19.0/fpm/config/swift.config.php rename to 22.0/fpm/config/swift.config.php diff --git a/19.0/fpm/cron.sh b/22.0/fpm/cron.sh similarity index 100% rename from 19.0/fpm/cron.sh rename to 22.0/fpm/cron.sh diff --git a/19.0/fpm/entrypoint.sh b/22.0/fpm/entrypoint.sh similarity index 100% rename from 19.0/fpm/entrypoint.sh rename to 22.0/fpm/entrypoint.sh diff --git a/19.0/fpm/upgrade.exclude b/22.0/fpm/upgrade.exclude similarity index 100% rename from 19.0/fpm/upgrade.exclude rename to 22.0/fpm/upgrade.exclude diff --git a/latest.txt b/latest.txt index dc5d633c..1d975bef 100644 --- a/latest.txt +++ b/latest.txt @@ -1 +1 @@ -21.0.3 +22.0.0 From 94a24c2385a7be70a23a1c02661ddc4c675f4c32 Mon Sep 17 00:00:00 2001 From: Patrizio Bekerle Date: Tue, 13 Jul 2021 21:38:33 +0200 Subject: [PATCH 20/26] Lock mariadb to 10.5 --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 25cfe314..53a1c2bb 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ Database: ```console $ docker run -d \ -v db:/var/lib/mysql \ -mariadb +mariadb:10.5 ``` If you want to get fine grained access to your individual files, you can mount additional volumes for data, config, your theme and custom apps. The `data`, `config` files are stored in respective subfolders inside `/var/www/html/`. The apps are split into core `apps` (which are shipped with Nextcloud and you don't need to take care of) and a `custom_apps` folder. If you use a custom theme it would go into the `themes` subfolder. @@ -228,7 +228,7 @@ volumes: services: db: - image: mariadb + image: mariadb:10.5 restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: @@ -274,7 +274,7 @@ volumes: services: db: - image: mariadb + image: mariadb:10.5 restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: From d7f1fa7b0d662b6d33164546fc3b4e83b9bef910 Mon Sep 17 00:00:00 2001 From: Patrizio Bekerle Date: Tue, 13 Jul 2021 21:51:14 +0200 Subject: [PATCH 21/26] Revert "Lock mariadb to 10.5" This reverts commit 94a24c2385a7be70a23a1c02661ddc4c675f4c32. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 53a1c2bb..25cfe314 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ Database: ```console $ docker run -d \ -v db:/var/lib/mysql \ -mariadb:10.5 +mariadb ``` If you want to get fine grained access to your individual files, you can mount additional volumes for data, config, your theme and custom apps. The `data`, `config` files are stored in respective subfolders inside `/var/www/html/`. The apps are split into core `apps` (which are shipped with Nextcloud and you don't need to take care of) and a `custom_apps` folder. If you use a custom theme it would go into the `themes` subfolder. @@ -228,7 +228,7 @@ volumes: services: db: - image: mariadb:10.5 + image: mariadb restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: @@ -274,7 +274,7 @@ volumes: services: db: - image: mariadb:10.5 + image: mariadb restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: From c91097a08e4d9fcb7ce5058e121760dc17909ae5 Mon Sep 17 00:00:00 2001 From: Patrizio Bekerle Date: Tue, 13 Jul 2021 21:54:18 +0200 Subject: [PATCH 22/26] Lock mariadb to 10.5 (#1536) --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 25cfe314..53a1c2bb 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ Database: ```console $ docker run -d \ -v db:/var/lib/mysql \ -mariadb +mariadb:10.5 ``` If you want to get fine grained access to your individual files, you can mount additional volumes for data, config, your theme and custom apps. The `data`, `config` files are stored in respective subfolders inside `/var/www/html/`. The apps are split into core `apps` (which are shipped with Nextcloud and you don't need to take care of) and a `custom_apps` folder. If you use a custom theme it would go into the `themes` subfolder. @@ -228,7 +228,7 @@ volumes: services: db: - image: mariadb + image: mariadb:10.5 restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: @@ -274,7 +274,7 @@ volumes: services: db: - image: mariadb + image: mariadb:10.5 restart: always command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: From 31b0b0337ea377ae371e9ebf2a2ea27b3f0f853a Mon Sep 17 00:00:00 2001 From: Elias Date: Sun, 18 Jul 2021 23:45:24 +0200 Subject: [PATCH 23/26] Update stable tag to 21.0.3 (#1538) The official updater now rolls out 21.0.3 to all 20.0.11 users --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 1a0f5acb..68779809 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,7 +1,7 @@ #!/bin/bash set -Eeuo pipefail -stable_channel='20.0.11' +stable_channel='21.0.3' self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" From c769eb86e1021e6530b0ca93c20bbf1f462134fd Mon Sep 17 00:00:00 2001 From: fariszr <35614734+fariszr@users.noreply.github.com> Date: Mon, 19 Jul 2021 00:52:26 +0300 Subject: [PATCH 24/26] don't expose insecure ports to the public (#1523) * don't expose insecure ports to public * don't expose insecure ports to public Signed-off-by: Fariszr <35614734+fariszr@users.noreply.github.com> --- .../docker-compose/insecure/mariadb/apache/docker-compose.yml | 2 +- .../docker-compose/insecure/mariadb/fpm/docker-compose.yml | 2 +- .../docker-compose/insecure/postgres/apache/docker-compose.yml | 2 +- .../docker-compose/insecure/postgres/fpm/docker-compose.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml index 600c609f..8a6ab534 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml @@ -20,7 +20,7 @@ services: image: nextcloud:apache restart: always ports: - - 8080:80 + - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html environment: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml index 5ac5b3b1..c3897f27 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml @@ -34,7 +34,7 @@ services: build: ./web restart: always ports: - - 8080:80 + - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html:ro depends_on: diff --git a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml index 03639056..882f161e 100644 --- a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml @@ -17,7 +17,7 @@ services: image: nextcloud:apache restart: always ports: - - 8080:80 + - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html environment: diff --git a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml index 6f63f33c..85fecdf1 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml @@ -31,7 +31,7 @@ services: build: ./web restart: always ports: - - 8080:80 + - 127.0.0.1:8080:80 volumes: - nextcloud:/var/www/html:ro depends_on: From 1a432d98fa98563182a56bdeab2b00d446a33e75 Mon Sep 17 00:00:00 2001 From: J0WI Date: Sun, 18 Jul 2021 22:00:36 +0000 Subject: [PATCH 25/26] Lock mariadb to 10.5 in examples (fix #1536) (#1539) Signed-off-by: J0WI --- .../docker-compose/insecure/mariadb/apache/docker-compose.yml | 2 +- .../docker-compose/insecure/mariadb/fpm/docker-compose.yml | 2 +- .../with-nginx-proxy/mariadb/apache/docker-compose.yml | 2 +- .../with-nginx-proxy/mariadb/fpm/docker-compose.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml index 8a6ab534..70ed73bb 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: db: - image: mariadb + image: mariadb:10.5 command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: always volumes: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml index c3897f27..44c79485 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: db: - image: mariadb + image: mariadb:10.5 command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: always volumes: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml index 0639e18e..13bdf597 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: db: - image: mariadb + image: mariadb:10.5 command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: always volumes: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml index b00761b6..380834b8 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: db: - image: mariadb + image: mariadb:10.5 command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: always volumes: From 188db02474841b96c4f415c2984006a846e92b5e Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Fri, 23 Jul 2021 00:26:39 +0000 Subject: [PATCH 26/26] Runs update.sh --- 20.0/apache/Dockerfile | 2 +- 20.0/fpm-alpine/Dockerfile | 2 +- 20.0/fpm/Dockerfile | 2 +- 21.0/apache/Dockerfile | 2 +- 21.0/fpm-alpine/Dockerfile | 2 +- 21.0/fpm/Dockerfile | 2 +- 22.0/apache/Dockerfile | 2 +- 22.0/fpm-alpine/Dockerfile | 2 +- 22.0/fpm/Dockerfile | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/20.0/apache/Dockerfile b/20.0/apache/Dockerfile index 506dc35e..a7309bcb 100644 --- a/20.0/apache/Dockerfile +++ b/20.0/apache/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.5.0; \ + pecl install imagick-3.5.1; \ \ docker-php-ext-enable \ apcu \ diff --git a/20.0/fpm-alpine/Dockerfile b/20.0/fpm-alpine/Dockerfile index 1360d13a..9aa43a3a 100644 --- a/20.0/fpm-alpine/Dockerfile +++ b/20.0/fpm-alpine/Dockerfile @@ -55,7 +55,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.5.0; \ + pecl install imagick-3.5.1; \ \ docker-php-ext-enable \ apcu \ diff --git a/20.0/fpm/Dockerfile b/20.0/fpm/Dockerfile index 78251e78..18f4d104 100644 --- a/20.0/fpm/Dockerfile +++ b/20.0/fpm/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.5.0; \ + pecl install imagick-3.5.1; \ \ docker-php-ext-enable \ apcu \ diff --git a/21.0/apache/Dockerfile b/21.0/apache/Dockerfile index cbabaf92..1b95a920 100644 --- a/21.0/apache/Dockerfile +++ b/21.0/apache/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.5.0; \ + pecl install imagick-3.5.1; \ \ docker-php-ext-enable \ apcu \ diff --git a/21.0/fpm-alpine/Dockerfile b/21.0/fpm-alpine/Dockerfile index 9878136a..4234a678 100644 --- a/21.0/fpm-alpine/Dockerfile +++ b/21.0/fpm-alpine/Dockerfile @@ -55,7 +55,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.5.0; \ + pecl install imagick-3.5.1; \ \ docker-php-ext-enable \ apcu \ diff --git a/21.0/fpm/Dockerfile b/21.0/fpm/Dockerfile index a009f46d..c8e25cd4 100644 --- a/21.0/fpm/Dockerfile +++ b/21.0/fpm/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.5.0; \ + pecl install imagick-3.5.1; \ \ docker-php-ext-enable \ apcu \ diff --git a/22.0/apache/Dockerfile b/22.0/apache/Dockerfile index 3712a5cc..9ff37211 100644 --- a/22.0/apache/Dockerfile +++ b/22.0/apache/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.5.0; \ + pecl install imagick-3.5.1; \ \ docker-php-ext-enable \ apcu \ diff --git a/22.0/fpm-alpine/Dockerfile b/22.0/fpm-alpine/Dockerfile index 275c8751..3b446279 100644 --- a/22.0/fpm-alpine/Dockerfile +++ b/22.0/fpm-alpine/Dockerfile @@ -55,7 +55,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.5.0; \ + pecl install imagick-3.5.1; \ \ docker-php-ext-enable \ apcu \ diff --git a/22.0/fpm/Dockerfile b/22.0/fpm/Dockerfile index a6123832..0b29a341 100644 --- a/22.0/fpm/Dockerfile +++ b/22.0/fpm/Dockerfile @@ -63,7 +63,7 @@ RUN set -ex; \ pecl install APCu-5.1.20; \ pecl install memcached-3.1.5; \ pecl install redis-5.3.4; \ - pecl install imagick-3.5.0; \ + pecl install imagick-3.5.1; \ \ docker-php-ext-enable \ apcu \