mirror of https://github.com/nextcloud/docker.git synced 2025-06-16 16:14:47 +02:00

Introduce unprivileged images for apache and fpm

Signed-off-by: Stephan Müller <mail@stephanmueller.eu>
Stephan Müller 2020-09-04 17:47:29 +02:00
parent 27587700ee
commit 89f5f2e681
No known key found for this signature in database
GPG key ID: 4650F39E5B5E1894
5 changed files with 40 additions and 12 deletions


@ -121,6 +121,6 @@ RUN set -ex; \
COPY *.sh upgrade.exclude /
COPY config/* /usr/src/nextcloud/config/
%%USER%%
ENTRYPOINT ["/entrypoint.sh"]
CMD ["%%CMD%%"]
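Review bot: `%%USER%%` sits directly above `ENTRYPOINT`, so in the unprivileged variants `/entrypoint.sh` itself runs as www-data, and that script is not among the five files this commit changes. Any step in it that presumes root (changing ownership, switching user, writing outside the web root) would fail or be skipped at container start, so it is worth confirming that the script branches on `id -u`. The placeholder is also undocumented in the template; a line such as `# %%USER%% becomes "USER www-data" for *-unprivileged variants and is empty otherwise` above it would help. The same applies to the second template hunk at `-138,6`.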


@ -138,6 +138,6 @@ RUN set -ex; \
COPY *.sh upgrade.exclude /
COPY config/* /usr/src/nextcloud/config/
%%USER%%
ENTRYPOINT ["/entrypoint.sh"]
CMD ["%%CMD%%"]


@ -221,7 +221,7 @@ services:
- MYSQL_USER=nextcloud
app:
image: nextcloud
image: nextcloud:unprivileged
ports:
- 8080:80
links:
@ -262,7 +262,7 @@ services:
- MYSQL_USER=nextcloud
app:
image: nextcloud:fpm
image: nextcloud:fpm-unprivileged
links:
- db
volumes:
@ -270,7 +270,7 @@ services:
restart: always
web:
image: nginx
image: nginxinc/nginx-unprivileged:alpine
ports:
- 8080:80
links:
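Review bot: The `app` service in the first hunk switches to `nextcloud:unprivileged` but keeps the context line `- 8080:80`, while the generator in this same commit moves the unprivileged Apache to `Listen 8080` and `EXPOSE 8080`. The published port would then point at a container port nothing listens on; the mapping should read `- 8080:8080`, as the standalone compose example in this commit already does. The `web` service in the third hunk has the same mismatch, since `nginxinc/nginx-unprivileged` listens on 8080 by default rather than 80. Both `ports:` blocks continue outside the hunks shown.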


@ -12,10 +12,10 @@ services:
- POSTGRES_PASSWORD=nextcloud
app:
image: nextcloud
image: nextcloud:unprivileged
restart: always
ports:
- 8080:80
- 8080:8080
volumes:
- nextcloud:/var/www/html
environment:
@ -27,7 +27,7 @@ services:
- db
cron:
image: nextcloud
image: nextcloud:unprivileged
restart: always
volumes:
- nextcloud:/var/www/html
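Review bot: The `cron` service now runs `nextcloud:unprivileged`, but its entrypoint lies outside this hunk, and a cron daemon normally needs root to switch to the job owner. If that service starts crond from the image, background jobs may not run under `USER www-data`. Either keep `image: nextcloud` for `cron` or confirm the daemon works as a non-root user before recommending this example.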


@ -7,22 +7,40 @@ declare -A php_version=(
[17.0]='7.3'
)
declare -A image_tag=(
[apache]='apache'
[apache-unprivileged]='apache'
[fpm]='fpm'
[fpm-unprivileged]='fpm'
[fpm-alpine]='fpm-alpine'
[fpm-alpine-unprivileged]='fpm-alpine'
)
declare -A cmd=(
[apache]='apache2-foreground'
[apache-unprivileged]='apache2-foreground'
[fpm]='php-fpm'
[fpm]='php-fpm'
[fpm-alpine]='php-fpm'
[fpm-alpine]='php-fpm'
)
declare -A base=(
[apache]='debian'
[apache-unprivileged]='debian'
[fpm]='debian'
[fpm-unprivileged]='debian'
[fpm-alpine]='alpine'
[fpm-alpine-unprivileged]='alpine'
)
declare -A extras=(
[apache]='\nRUN a2enmod headers rewrite remoteip ;\\\n {\\\n echo RemoteIPHeader X-Real-IP ;\\\n echo RemoteIPTrustedProxy 10.0.0.0/8 ;\\\n echo RemoteIPTrustedProxy 172.16.0.0/12 ;\\\n echo RemoteIPTrustedProxy 192.168.0.0/16 ;\\\n } > /etc/apache2/conf-available/remoteip.conf;\\\n a2enconf remoteip'
[apache-unprivileged]='\nRUN a2enmod headers rewrite remoteip ;\\\n {\\\n echo RemoteIPHeader X-Real-IP ;\\\n echo RemoteIPTrustedProxy 10.0.0.0/8 ;\\\n echo RemoteIPTrustedProxy 172.16.0.0/12 ;\\\n echo RemoteIPTrustedProxy 192.168.0.0/16 ;\\\n } > /etc/apache2/conf-available/remoteip.conf;\\\n a2enconf remoteip\n\nRUN set -ex; \\\n sed -i "s/Listen 80/Listen 8080/" /etc/apache2/ports.conf; \\\n sed -i "s/VirtualHost *:80/VirtualHost *:8080/" /etc/apache2/sites-available/*.conf\n\nEXPOSE 8080'
[fpm]=''
[fpm-unprivileged]=''
[fpm-alpine]=''
[fpm-alpine-unprivileged]=''
)
declare -A crontab_int=(
@ -74,8 +92,11 @@ declare -A pecl_versions=(
variants=(
apache
apache-unprivileged
fpm
fpm-unprivileged
fpm-alpine
fpm-alpine-unprivileged
)
min_version='17.0'
@ -114,10 +135,16 @@ function create_variant() {
echo "updating $fullversion [$1] $variant"
if [[ "$variant" == *-unprivileged ]]; then
unprivileged_user="\nUSER www-data\n"
else
unprivileged_user=""
fi
# Replace the variables.
sed -ri -e '
s/%%PHP_VERSION%%/'"$phpVersion"'/g;
s/%%VARIANT%%/'"$variant"'/g;
s/%%VARIANT%%/'"${image_tag[$variant]}"'/g;
s/%%VERSION%%/'"$fullversion"'/g;
s/%%BASE_DOWNLOAD_URL%%/'"$2"'/g;
s/%%CMD%%/'"${cmd[$variant]}"'/g;
@ -125,8 +152,9 @@ function create_variant() {
s/%%APCU_VERSION%%/'"${pecl_versions[APCu]}"'/g;
s/%%MEMCACHED_VERSION%%/'"${pecl_versions[memcached]}"'/g;
s/%%REDIS_VERSION%%/'"${pecl_versions[redis]}"'/g;
s/%%IMAGICK_VERSION%%/'"${pecl_versions[imagick]}"'/g;
s/%%CRONTAB_INT%%/'"$crontabInt"'/g;
s/%%IMAGICK_VERSION%%/'"${pecl_versions[imagick]}"'/g;
s/%%CRONTAB_INT%%/'"$crontabInt"'/g;
s/%%USER%%/'"$unprivileged_user"'/g;
' "$dir/Dockerfile"
case "$phpVersion" in
@ -165,7 +193,7 @@ function create_variant() {
cp -rT .config "$dir/config"
# Remove Apache config if we're not an Apache variant.
if [ "$variant" != "apache" ]; then
if [ "$variant" != "apache" ] && [ "$variant" != "apache-unprivileged" ]; then
rm "$dir/config/apache-pretty-urls.config.php"
fi
}
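Review bot: In the first hunk, as rendered here, the `cmd` map gains `[apache-unprivileged]` but then repeats `[fpm]='php-fpm'` and `[fpm-alpine]='php-fpm'` instead of adding the two new keys, so `${cmd[$variant]}` is empty for `fpm-unprivileged` and `fpm-alpine-unprivileged` and their Dockerfiles would get `CMD [""]`. The duplicated lines should read `[fpm-unprivileged]='php-fpm'` and `[fpm-alpine-unprivileged]='php-fpm'`. In the same hunk the `apache-unprivileged` extras run `sed -i "s/VirtualHost *:80/VirtualHost *:8080/"`, where the unescaped `*` quantifies the preceding space, so the literal `<VirtualHost *:80>` never matches and the vhost stays on port 80. The asterisk needs escaping, allowing for the extra unescaping the outer `sed -ri` replacement applies. `create_variant` begins outside the hunks shown.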