aaron/nextcloud-docker
0
0
Fork 0
mirror of https://github.com/nextcloud/docker.git synced 2025-04-19 18:36:09 +02:00
Code Activity

Merge remote-tracking branch 'upstream/master' into patch-3

Browse source
This commit is contained in:
Thomas Clavier 2025-01-10 11:19:18 +01:00
commit 8bb3779baa
No known key found for this signature in database
GPG key ID: 20CCE23E53E6E41A
187 changed files with 3009 additions and 2543 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.config/redis.config.php
View file

@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
'memcache.locking' => '\OC\Memcache\Redis', 'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array( 'redis' => array(
'host' => getenv('REDIS_HOST'), 'host' => getenv('REDIS_HOST'),
'password' => (string) getenv('REDIS_HOST_PASSWORD'), 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
), ),
); );

5
.config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

15
.config/s3.config.php
View file

@ -12,9 +12,10 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, 'autocreate' => strtolower($autocreate) !== 'false',
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, 'use_ssl' => strtolower($use_ssl) !== 'false',
// required for some non Amazon S3 implementations // required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions // required for older protocol versions
@ -23,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
) )
); );
if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
$CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_KEY')) { } elseif (getenv('OBJECTSTORE_S3_KEY')) {
$CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -31,11 +32,17 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
$CONFIG['objectstore']['arguments']['key'] = ''; $CONFIG['objectstore']['arguments']['key'] = '';
} }
if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
$CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SECRET')) { } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
$CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
} else { } else {
$CONFIG['objectstore']['arguments']['secret'] = ''; $CONFIG['objectstore']['arguments']['secret'] = '';
} }
if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
$CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
$CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
}
} }

4
.config/smtp.config.php
View file

@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'), 'mail_domain' => getenv('MAIL_DOMAIN'),
); );
if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { if (getenv('SMTP_PASSWORD_FILE')) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) { } elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');

4
.config/upgrade-disable-web.config.php Normal file
View file

@ -0,0 +1,4 @@
<?php
$CONFIG = array (
'upgrade.disable-web' => true,
);

19
.examples/README.md
View file

@ -52,9 +52,6 @@ The required steps for each optional/recommended package that is not already in
#### ffmpeg #### ffmpeg
`apt install ffmpeg` `apt install ffmpeg`
#### imagemagick SVG support
`apt install libmagickcore-6.q16-6-extra`
#### LibreOffice #### LibreOffice
`apt install libreoffice` `apt install libreoffice`
@ -69,9 +66,9 @@ The following Dockerfile commands are also necessary for a sucessfull cron insta
## docker-compose ## docker-compose
In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box. In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box.
Before running the examples you have to modify the `db.env` and `docker-compose.yml` file and fill in your custom information. Before running the examples you have to modify the `db.env` and `compose.yaml` file and fill in your custom information.
The docker-compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker-compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `docker-compose.yml` file. The docker compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `compose.yaml` file.
### insecure ### insecure
@ -81,10 +78,10 @@ For this use one of the [with-nginx-proxy](#with-nginx-proxy) examples.
To use this example complete the following steps: To use this example complete the following steps:
1. if you use mariadb or mysql choose a root password for the database in `docker-compose.yml` behind `MYSQL_ROOT_PASSWORD=` 1. if you use mariadb or mysql choose a root password for the database in `compose.yaml` behind `MYSQL_ROOT_PASSWORD=`
2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres) 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles 3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
4. start nextcloud with `docker-compose up -d` 4. start nextcloud with `docker compose up -d`
If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4. If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
@ -100,13 +97,13 @@ This combination of the [nginxproxy/nginx-proxy](https://github.com/nginx-proxy/
To use this example complete the following steps: To use this example complete the following steps:
1. open `docker-compose.yml` 1. open `compose.yaml`
1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=` 1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=`
2. enter a valid email behind `LETSENCRYPT_EMAIL=` 2. enter a valid email behind `LETSENCRYPT_EMAIL=`
3. if you use mariadb or mysql choose a root password for the database behind `MYSQL_ROOT_PASSWORD=` 3. if you use mariadb or mysql choose a root password for the database behind `MYSQL_ROOT_PASSWORD=`
2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres) 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles 3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
4. start nextcloud with `docker-compose up -d` 4. start nextcloud with `docker compose up -d`
If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4. If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.

6
.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml → .examples/docker-compose/insecure/mariadb/apache/compose.yaml
View file

@ -1,8 +1,6 @@
version: '3'
services: services:
db: db:
image: mariadb:10.6 image: mariadb:10.11
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
restart: always restart: always
volumes: volumes:
@ -25,6 +23,7 @@ services:
- 127.0.0.1:8080:80 - 127.0.0.1:8080:80
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
environment: environment:
- MYSQL_HOST=db - MYSQL_HOST=db
- REDIS_HOST=redis - REDIS_HOST=redis
@ -39,6 +38,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
entrypoint: /cron.sh entrypoint: /cron.sh
depends_on: depends_on:
- db - db

7
.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml → .examples/docker-compose/insecure/mariadb/fpm/compose.yaml
View file

@ -1,8 +1,6 @@
version: '3'
services: services:
db: db:
image: mariadb:10.6 image: mariadb:10.11
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
restart: always restart: always
volumes: volumes:
@ -23,6 +21,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
environment: environment:
- MYSQL_HOST=db - MYSQL_HOST=db
- REDIS_HOST=redis - REDIS_HOST=redis
@ -39,6 +38,7 @@ services:
- 127.0.0.1:8080:80 - 127.0.0.1:8080:80
volumes: volumes:
- nextcloud:/var/www/html:z,ro - nextcloud:/var/www/html:z,ro
# NOTE: The `volumes` included here should match those of the `app` container (unless you know what you're doing)
depends_on: depends_on:
- app - app
@ -47,6 +47,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
entrypoint: /cron.sh entrypoint: /cron.sh
depends_on: depends_on:
- db - db

41
.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
View file

@ -10,8 +10,12 @@ events {
http { http {
include /etc/nginx/mime.types; include mime.types;
default_type application/octet-stream; default_type application/octet-stream;
types {
text/javascript mjs;
application/wasm wasm;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
@ -27,6 +31,12 @@ http {
keepalive_timeout 65; keepalive_timeout 65;
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default ", immutable";
}
#gzip on; #gzip on;
upstream php-handler { upstream php-handler {
@ -44,17 +54,23 @@ http {
# could take several months. # could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size # set max upload size and increase upload timeout:
client_max_body_size 512M; client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
# The settings allows you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;
# Enable gzip but do not remove ETag headers # Enable gzip but do not remove ETag headers
gzip on; gzip on;
gzip_vary on; gzip_vary on;
gzip_comp_level 4; gzip_comp_level 4;
gzip_min_length 256; gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built # Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it. # with the `ngx_pagespeed` module, uncomment this line to disable it.
@ -128,7 +144,7 @@ http {
# to the URI, resulting in a HTTP 500 error response. # to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) { location ~ \.php(?:$|/) {
# Required for legacy support # Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
@ -146,12 +162,25 @@ http {
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
} }
location ~ \.(?:css|js|svg|gif)$ { # Serve static files
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess` add_header Cache-Control "public, max-age=15778463$asset_immutable";
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off; # Optional: Don't log access to assets access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
} }
location ~ \.woff2?$ { location ~ \.woff2?$ {

4
.examples/docker-compose/insecure/postgres/apache/docker-compose.yml → .examples/docker-compose/insecure/postgres/apache/compose.yaml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
db: db:
image: postgres:alpine image: postgres:alpine
@ -20,6 +18,7 @@ services:
- 127.0.0.1:8080:80 - 127.0.0.1:8080:80
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
environment: environment:
- POSTGRES_HOST=db - POSTGRES_HOST=db
- REDIS_HOST=redis - REDIS_HOST=redis
@ -34,6 +33,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
entrypoint: /cron.sh entrypoint: /cron.sh
depends_on: depends_on:
- db - db

7
.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml → .examples/docker-compose/insecure/postgres/fpm/compose.yaml
View file

@ -1,11 +1,9 @@
version: '3'
services: services:
db: db:
image: postgres:alpine image: postgres:alpine
restart: always restart: always
volumes: volumes:
- db:/var/lib/postgresql/data:z - db:/var/lib/postgresql/data:Z
env_file: env_file:
- db.env - db.env
@ -18,6 +16,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
environment: environment:
- POSTGRES_HOST=db - POSTGRES_HOST=db
- REDIS_HOST=redis - REDIS_HOST=redis
@ -34,6 +33,7 @@ services:
- 127.0.0.1:8080:80 - 127.0.0.1:8080:80
volumes: volumes:
- nextcloud:/var/www/html:z,ro - nextcloud:/var/www/html:z,ro
# NOTE: The `volumes` included here should match those of the `app` container (unless you know what you're doing)
depends_on: depends_on:
- app - app
@ -42,6 +42,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
entrypoint: /cron.sh entrypoint: /cron.sh
depends_on: depends_on:
- db - db

41
.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
View file

@ -10,8 +10,12 @@ events {
http { http {
include /etc/nginx/mime.types; include mime.types;
default_type application/octet-stream; default_type application/octet-stream;
types {
text/javascript mjs;
application/wasm wasm;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
@ -27,6 +31,12 @@ http {
keepalive_timeout 65; keepalive_timeout 65;
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default ", immutable";
}
#gzip on; #gzip on;
upstream php-handler { upstream php-handler {
@ -44,17 +54,23 @@ http {
# could take several months. # could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size # set max upload size and increase upload timeout:
client_max_body_size 512M; client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
# The settings allows you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;
# Enable gzip but do not remove ETag headers # Enable gzip but do not remove ETag headers
gzip on; gzip on;
gzip_vary on; gzip_vary on;
gzip_comp_level 4; gzip_comp_level 4;
gzip_min_length 256; gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built # Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it. # with the `ngx_pagespeed` module, uncomment this line to disable it.
@ -128,7 +144,7 @@ http {
# to the URI, resulting in a HTTP 500 error response. # to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) { location ~ \.php(?:$|/) {
# Required for legacy support # Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
@ -146,12 +162,25 @@ http {
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
} }
location ~ \.(?:css|js|svg|gif)$ { # Serve static files
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess` add_header Cache-Control "public, max-age=15778463$asset_immutable";
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off; # Optional: Don't log access to assets access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
} }
location ~ \.woff2?$ { location ~ \.woff2?$ {

18
.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml → .examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml
View file

@ -1,8 +1,6 @@
version: '3'
services: services:
db: db:
image: mariadb:10.6 image: mariadb:10.11
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
restart: always restart: always
volumes: volumes:
@ -23,6 +21,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
environment: environment:
- VIRTUAL_HOST= - VIRTUAL_HOST=
- LETSENCRYPT_HOST= - LETSENCRYPT_HOST=
@ -34,6 +33,10 @@ services:
depends_on: depends_on:
- db - db
- redis - redis
# Added proxy container dependency below.
# It is unclear on when or why it happens, but sometimes NC manages to start before the proxy
# and it breaks for whatever weird reason resulting in the need of manual proxy container restart.
- proxy
networks: networks:
- proxy-tier - proxy-tier
- default - default
@ -43,6 +46,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
entrypoint: /cron.sh entrypoint: /cron.sh
depends_on: depends_on:
- db - db
@ -55,11 +59,12 @@ services:
- 80:80 - 80:80
- 443:443 - 443:443
labels: labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
volumes: volumes:
- certs:/etc/nginx/certs:z,ro - certs:/etc/nginx/certs:ro,z
- vhost.d:/etc/nginx/vhost.d:z - vhost.d:/etc/nginx/vhost.d:z
- html:/usr/share/nginx/html:z - html:/usr/share/nginx/html:z
- dhparam:/etc/nginx/dhparam:z
- /var/run/docker.sock:/tmp/docker.sock:z,ro - /var/run/docker.sock:/tmp/docker.sock:z,ro
networks: networks:
- proxy-tier - proxy-tier
@ -67,6 +72,8 @@ services:
letsencrypt-companion: letsencrypt-companion:
image: nginxproxy/acme-companion image: nginxproxy/acme-companion
restart: always restart: always
environment:
- DEFAULT_EMAIL=
volumes: volumes:
- certs:/etc/nginx/certs:z - certs:/etc/nginx/certs:z
- acme:/etc/acme.sh:z - acme:/etc/acme.sh:z
@ -100,6 +107,7 @@ volumes:
acme: acme:
vhost.d: vhost.d:
html: html:
dhparam:
networks: networks:
proxy-tier: proxy-tier:

12
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml → .examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml
View file

@ -1,8 +1,6 @@
version: '3'
services: services:
db: db:
image: mariadb:10.6 image: mariadb:10.11
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
restart: always restart: always
volumes: volumes:
@ -23,6 +21,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
environment: environment:
- MYSQL_HOST=db - MYSQL_HOST=db
- REDIS_HOST=redis - REDIS_HOST=redis
@ -31,12 +30,14 @@ services:
depends_on: depends_on:
- db - db
- redis - redis
- proxy
web: web:
build: ./web build: ./web
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z,ro - nextcloud:/var/www/html:z,ro
# NOTE: The `volumes` included here should match those of the `app` container (unless you know what you're doing)
environment: environment:
- VIRTUAL_HOST= - VIRTUAL_HOST=
- LETSENCRYPT_HOST= - LETSENCRYPT_HOST=
@ -52,6 +53,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
entrypoint: /cron.sh entrypoint: /cron.sh
depends_on: depends_on:
- db - db
@ -64,7 +66,7 @@ services:
- 80:80 - 80:80
- 443:443 - 443:443
labels: labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
volumes: volumes:
- certs:/etc/nginx/certs:z,ro - certs:/etc/nginx/certs:z,ro
- vhost.d:/etc/nginx/vhost.d:z - vhost.d:/etc/nginx/vhost.d:z
@ -76,6 +78,8 @@ services:
letsencrypt-companion: letsencrypt-companion:
image: nginxproxy/acme-companion image: nginxproxy/acme-companion
restart: always restart: always
environment:
- DEFAULT_EMAIL=
volumes: volumes:
- certs:/etc/nginx/certs:z - certs:/etc/nginx/certs:z
- acme:/etc/acme.sh:z - acme:/etc/acme.sh:z

43
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
View file

@ -10,8 +10,12 @@ events {
http { http {
include /etc/nginx/mime.types; include mime.types;
default_type application/octet-stream; default_type application/octet-stream;
types {
text/javascript mjs;
application/wasm wasm;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
@ -27,6 +31,12 @@ http {
keepalive_timeout 65; keepalive_timeout 65;
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default ", immutable";
}
#gzip on; #gzip on;
upstream php-handler { upstream php-handler {
@ -44,17 +54,23 @@ http {
# could take several months. # could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size # set max upload size and increase upload timeout:
client_max_body_size 512M; client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
# The settings allows you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;
# Enable gzip but do not remove ETag headers # Enable gzip but do not remove ETag headers
gzip on; gzip on;
gzip_vary on; gzip_vary on;
gzip_comp_level 4; gzip_comp_level 4;
gzip_min_length 256; gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built # Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it. # with the `ngx_pagespeed` module, uncomment this line to disable it.
@ -128,7 +144,7 @@ http {
# to the URI, resulting in a HTTP 500 error response. # to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) { location ~ \.php(?:$|/) {
# Required for legacy support # Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
@ -138,7 +154,7 @@ http {
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on; fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_param front_controller_active true; # Enable pretty urls
@ -146,12 +162,25 @@ http {
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
} }
location ~ \.(?:css|js|svg|gif)$ { # Serve static files
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess` add_header Cache-Control "public, max-age=15778463$asset_immutable";
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off; # Optional: Don't log access to assets access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
} }
location ~ \.woff2?$ { location ~ \.woff2?$ {

9
.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml → .examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
db: db:
image: postgres:alpine image: postgres:alpine
@ -18,6 +16,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
environment: environment:
- VIRTUAL_HOST= - VIRTUAL_HOST=
- LETSENCRYPT_HOST= - LETSENCRYPT_HOST=
@ -29,6 +28,7 @@ services:
depends_on: depends_on:
- db - db
- redis - redis
- proxy
networks: networks:
- proxy-tier - proxy-tier
- default - default
@ -38,6 +38,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
entrypoint: /cron.sh entrypoint: /cron.sh
depends_on: depends_on:
- db - db
@ -50,9 +51,9 @@ services:
- 80:80 - 80:80
- 443:443 - 443:443
labels: labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
volumes: volumes:
- certs:/etc/nginx/certs:z,ro - certs:/etc/nginx/certs:ro,z
- vhost.d:/etc/nginx/vhost.d:z - vhost.d:/etc/nginx/vhost.d:z
- html:/usr/share/nginx/html:z - html:/usr/share/nginx/html:z
- /var/run/docker.sock:/tmp/docker.sock:z,ro - /var/run/docker.sock:/tmp/docker.sock:z,ro

8
.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml → .examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml
View file

@ -18,6 +18,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
environment: environment:
- POSTGRES_HOST=db - POSTGRES_HOST=db
- REDIS_HOST=redis - REDIS_HOST=redis
@ -26,12 +27,14 @@ services:
depends_on: depends_on:
- db - db
- redis - redis
- proxy
web: web:
build: ./web build: ./web
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z,ro - nextcloud:/var/www/html:z,ro
# NOTE: The `volumes` included here should match those of the `app` container (unless you know what you're doing)
environment: environment:
- VIRTUAL_HOST= - VIRTUAL_HOST=
- LETSENCRYPT_HOST= - LETSENCRYPT_HOST=
@ -47,6 +50,7 @@ services:
restart: always restart: always
volumes: volumes:
- nextcloud:/var/www/html:z - nextcloud:/var/www/html:z
# NOTE: The `volumes` config of the `cron` and `app` containers must match
entrypoint: /cron.sh entrypoint: /cron.sh
depends_on: depends_on:
- db - db
@ -59,7 +63,7 @@ services:
- 80:80 - 80:80
- 443:443 - 443:443
labels: labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
volumes: volumes:
- certs:/etc/nginx/certs:z,ro - certs:/etc/nginx/certs:z,ro
- vhost.d:/etc/nginx/vhost.d:z - vhost.d:/etc/nginx/vhost.d:z
@ -77,6 +81,8 @@ services:
- vhost.d:/etc/nginx/vhost.d:z - vhost.d:/etc/nginx/vhost.d:z
- html:/usr/share/nginx/html:z - html:/usr/share/nginx/html:z
- /var/run/docker.sock:/var/run/docker.sock:z,ro - /var/run/docker.sock:/var/run/docker.sock:z,ro
environment:
- DEFAULT_EMAIL=
networks: networks:
- proxy-tier - proxy-tier
depends_on: depends_on:

43
.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
View file

@ -10,8 +10,12 @@ events {
http { http {
include /etc/nginx/mime.types; include mime.types;
default_type application/octet-stream; default_type application/octet-stream;
types {
text/javascript mjs;
application/wasm wasm;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
@ -27,6 +31,12 @@ http {
keepalive_timeout 65; keepalive_timeout 65;
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default ", immutable";
}
#gzip on; #gzip on;
upstream php-handler { upstream php-handler {
@ -44,17 +54,23 @@ http {
# could take several months. # could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size # set max upload size and increase upload timeout:
client_max_body_size 512M; client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
# The settings allows you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;
# Enable gzip but do not remove ETag headers # Enable gzip but do not remove ETag headers
gzip on; gzip on;
gzip_vary on; gzip_vary on;
gzip_comp_level 4; gzip_comp_level 4;
gzip_min_length 256; gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built # Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it. # with the `ngx_pagespeed` module, uncomment this line to disable it.
@ -128,7 +144,7 @@ http {
# to the URI, resulting in a HTTP 500 error response. # to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) { location ~ \.php(?:$|/) {
# Required for legacy support # Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
@ -138,7 +154,7 @@ http {
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on; fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_param front_controller_active true; # Enable pretty urls
@ -146,12 +162,25 @@ http {
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
} }
location ~ \.(?:css|js|svg|gif)$ { # Serve static files
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess` add_header Cache-Control "public, max-age=15778463$asset_immutable";
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off; # Optional: Don't log access to assets access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
} }
location ~ \.woff2?$ { location ~ \.woff2?$ {

4
.github/ISSUE_TEMPLATE/Image_issue.md vendored
View file

@ -6,7 +6,9 @@ about: Issues related to the Nextcloud Docker image
<!-- <!--
Thanks for reporting issues back to Nextcloud! Thanks for reporting issues back to Nextcloud!
Note: This is the issue tracker of the official Nextcloud **Docker image**, please do NOT use this to report issues with Docker or Nextcloud itself. You can find help debugging your system on our forums: https://help.nextcloud.com/ or https://forums.docker.com/. When reporting problems, please include your *complete* Docker Compose file (or run commands) and your Nextcloud Server config (e.g. `occ config:list system`). Incomplete reports cause extra work for all parties involved and delay resolution.
Note: This is the issue tracker of the official Nextcloud **Docker image**, please do NOT use this to report issues with Docker or Nextcloud Server itself. You can find help debugging your system on our forums: https://help.nextcloud.com/ or https://forums.docker.com/.
To learn more about official images, see https://github.com/docker-library/faq To learn more about official images, see https://github.com/docker-library/faq
--> -->

51
.github/workflows/command-rebase.yml vendored
View file

@ -1,51 +0,0 @@
# This workflow is provided via the organization template repository
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
name: Rebase command
on:
issue_comment:
types: created
permissions:
contents: read
jobs:
rebase:
runs-on: ubuntu-latest
permissions:
contents: none
# On pull requests and if the comment starts with `/rebase`
if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/rebase')
steps:
- name: Add reaction on start
uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reaction-type: "+1"
- name: Checkout the latest code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 0
token: ${{ secrets.COMMAND_BOT_PAT }}
- name: Automatic Rebase
uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8
env:
GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
- name: Add reaction on failure
uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
if: failure()
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reaction-type: "-1"

6
.github/workflows/images.yml vendored
View file

@ -20,8 +20,8 @@ jobs:
outputs: outputs:
strategy: ${{ steps.generate-jobs.outputs.strategy }} strategy: ${{ steps.generate-jobs.outputs.strategy }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- uses: docker-library/bashbrew@v0.1.5 - uses: docker-library/bashbrew@HEAD
- id: generate-jobs - id: generate-jobs
name: Generate Jobs name: Generate Jobs
run: | run: |
@ -36,7 +36,7 @@ jobs:
name: ${{ matrix.name }} name: ${{ matrix.name }}
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Prepare Environment - name: Prepare Environment
run: ${{ matrix.runs.prepare }} run: ${{ matrix.runs.prepare }}
- name: Run update.sh script - name: Run update.sh script

2
.github/workflows/update-sh.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
name: Run update.sh script name: Run update.sh script
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Run update.sh script - name: Run update.sh script
run: ./update.sh run: ./update.sh
- name: Commit files - name: Commit files

18
.travis/test-example-dockerfiles.sh
View file

@ -1,18 +0,0 @@
#!/usr/bin/env bash
set -e
image="$1"
cd .examples/dockerfiles
dirs=( */ )
dirs=( "${dirs[@]%/}" )
for dir in "${dirs[@]}"; do
if [ -d "$dir/$VARIANT" ]; then
(
cd "$dir/$VARIANT"
sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile'
docker build -t "$image-$dir" .
)
fi
done

4
25/apache/cron.sh
View file

@ -1,4 +0,0 @@
#!/bin/sh
set -eu
exec busybox crond -f -l 0 -L /dev/stdout

4
25/fpm-alpine/cron.sh
View file

@ -1,4 +0,0 @@
#!/bin/sh
set -eu
exec busybox crond -f -l 0 -L /dev/stdout

4
25/fpm/cron.sh
View file

@ -1,4 +0,0 @@
#!/bin/sh
set -eu
exec busybox crond -f -l 0 -L /dev/stdout

4
26/apache/cron.sh
View file

@ -1,4 +0,0 @@
#!/bin/sh
set -eu
exec busybox crond -f -l 0 -L /dev/stdout

17
26/fpm-alpine/config/redis.config.php
View file

@ -1,17 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array(
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => (string) getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

30
26/fpm-alpine/config/reverse-proxy.config.php
View file

@ -1,30 +0,0 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteCliUrl = getenv('OVERWRITECLIURL');
if ($overwriteCliUrl) {
$CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

41
26/fpm-alpine/config/s3.config.php
View file

@ -1,41 +0,0 @@
<?php
if (getenv('OBJECTSTORE_S3_BUCKET')) {
$use_ssl = getenv('OBJECTSTORE_S3_SSL');
$use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
$use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
$autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
$CONFIG = array(
'objectstore' => array(
'class' => '\OC\Files\ObjectStore\S3',
'arguments' => array(
'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
// required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
)
)
);
if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
$CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_KEY')) {
$CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
} else {
$CONFIG['objectstore']['arguments']['key'] = '';
}
if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
$CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SECRET')) {
$CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
} else {
$CONFIG['objectstore']['arguments']['secret'] = '';
}
}

22
26/fpm-alpine/config/smtp.config.php
View file

@ -1,22 +0,0 @@
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
} else {
$CONFIG['mail_smtppassword'] = '';
}
}

4
26/fpm-alpine/cron.sh
View file

@ -1,4 +0,0 @@
#!/bin/sh
set -eu
exec busybox crond -f -l 0 -L /dev/stdout

279
26/fpm-alpine/entrypoint.sh
View file

@ -1,279 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p "$user" -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
# Execute all executable files in a given directory in alphanumeric order
run_path() {
local hook_folder_path="/docker-entrypoint-hooks.d/$1"
local return_code=0
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
if [ -z "$(ls -A "${hook_folder_path}")" ]; then
echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do"
return 0
fi
(
for script_file_path in "${hook_folder_path}/"*.sh; do
if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then
echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag"
continue
fi
echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
run_as "${script_file_path}" || return_code="$?"
if [ "${return_code}" -ne "0" ]; then
echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
exit 1
fi
echo "==> Finished the script: \"${script_file_path}\""
done
)
}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
if [ -n "${varValue}" ]; then
export "$var"="${varValue}"
elif [ -n "${fileVarValue}" ]; then
export "$var"="$(cat "${fileVarValue}")"
elif [ -n "${def}" ]; then
export "$var"="$def"
fi
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
uid="$(id -u)"
gid="$(id -g)"
if [ "$uid" = '0' ]; then
case "$1" in
apache2*)
user="${APACHE_RUN_USER:-www-data}"
group="${APACHE_RUN_GROUP:-www-data}"
# strip off any '#' symbol ('#1000' is valid syntax for Apache)
user="${user#'#'}"
group="${group#'#'}"
;;
*) # php-fpm
user='www-data'
group='www-data'
;;
esac
else
user="$uid"
group="$gid"
fi
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
file_env REDIS_HOST_PASSWORD
echo 'session.save_handler = redis'
# check if redis host is an unix socket path
if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"unix://${REDIS_HOST}\""
fi
# check if redis password has been set
elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
fi
echo "redis.session.locking_enabled = 1"
echo "redis.session.lock_retries = -1"
# redis.session.lock_wait_time is specified in microseconds.
# Wait 10ms before retrying the lock rather than the default 2ms.
echo "redis.session.lock_wait_time = 10000"
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
# If another process is syncing the html folder, wait for
# it to be done, then escape initalization.
(
if ! flock -n 9; then
# If we couldn't get it immediately, show a message, then wait for real
echo "Another process is initializing Nextcloud. Waiting..."
flock 9
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
exit 1
fi
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown $user:$group"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
# Install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
file_env MYSQL_DATABASE
file_env MYSQL_PASSWORD
file_env MYSQL_USER
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
run_path pre-installation
echo "Starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "Retrying install..."
try=$((try+1))
sleep 10s
done
if [ "$try" -gt "$max_retries" ]; then
echo "Installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "Setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
done
fi
run_path post-installation
else
echo "Please run the web-based installer on first connect!"
fi
fi
# Upgrade
else
run_path pre-upgrade
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
run_path post-upgrade
fi
echo "Initializing finished"
fi
# Update htaccess after init if requested
if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ maintenance:update:htaccess'
fi
) 9> /var/www/html/nextcloud-init-sync.lock
run_path before-starting
fi
exec "$@"

17
26/fpm/config/redis.config.php
View file

@ -1,17 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array(
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => (string) getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

30
26/fpm/config/reverse-proxy.config.php
View file

@ -1,30 +0,0 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteCliUrl = getenv('OVERWRITECLIURL');
if ($overwriteCliUrl) {
$CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

41
26/fpm/config/s3.config.php
View file

@ -1,41 +0,0 @@
<?php
if (getenv('OBJECTSTORE_S3_BUCKET')) {
$use_ssl = getenv('OBJECTSTORE_S3_SSL');
$use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
$use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
$autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
$CONFIG = array(
'objectstore' => array(
'class' => '\OC\Files\ObjectStore\S3',
'arguments' => array(
'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
// required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
)
)
);
if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
$CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_KEY')) {
$CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
} else {
$CONFIG['objectstore']['arguments']['key'] = '';
}
if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
$CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SECRET')) {
$CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
} else {
$CONFIG['objectstore']['arguments']['secret'] = '';
}
}

22
26/fpm/config/smtp.config.php
View file

@ -1,22 +0,0 @@
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
} else {
$CONFIG['mail_smtppassword'] = '';
}
}

4
26/fpm/cron.sh
View file

@ -1,4 +0,0 @@
#!/bin/sh
set -eu
exec busybox crond -f -l 0 -L /dev/stdout

279
26/fpm/entrypoint.sh
View file

@ -1,279 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p "$user" -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
# Execute all executable files in a given directory in alphanumeric order
run_path() {
local hook_folder_path="/docker-entrypoint-hooks.d/$1"
local return_code=0
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
if [ -z "$(ls -A "${hook_folder_path}")" ]; then
echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do"
return 0
fi
(
for script_file_path in "${hook_folder_path}/"*.sh; do
if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then
echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag"
continue
fi
echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
run_as "${script_file_path}" || return_code="$?"
if [ "${return_code}" -ne "0" ]; then
echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
exit 1
fi
echo "==> Finished the script: \"${script_file_path}\""
done
)
}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
if [ -n "${varValue}" ]; then
export "$var"="${varValue}"
elif [ -n "${fileVarValue}" ]; then
export "$var"="$(cat "${fileVarValue}")"
elif [ -n "${def}" ]; then
export "$var"="$def"
fi
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
uid="$(id -u)"
gid="$(id -g)"
if [ "$uid" = '0' ]; then
case "$1" in
apache2*)
user="${APACHE_RUN_USER:-www-data}"
group="${APACHE_RUN_GROUP:-www-data}"
# strip off any '#' symbol ('#1000' is valid syntax for Apache)
user="${user#'#'}"
group="${group#'#'}"
;;
*) # php-fpm
user='www-data'
group='www-data'
;;
esac
else
user="$uid"
group="$gid"
fi
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
file_env REDIS_HOST_PASSWORD
echo 'session.save_handler = redis'
# check if redis host is an unix socket path
if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"unix://${REDIS_HOST}\""
fi
# check if redis password has been set
elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
fi
echo "redis.session.locking_enabled = 1"
echo "redis.session.lock_retries = -1"
# redis.session.lock_wait_time is specified in microseconds.
# Wait 10ms before retrying the lock rather than the default 2ms.
echo "redis.session.lock_wait_time = 10000"
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
# If another process is syncing the html folder, wait for
# it to be done, then escape initalization.
(
if ! flock -n 9; then
# If we couldn't get it immediately, show a message, then wait for real
echo "Another process is initializing Nextcloud. Waiting..."
flock 9
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
exit 1
fi
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown $user:$group"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
# Install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
file_env MYSQL_DATABASE
file_env MYSQL_PASSWORD
file_env MYSQL_USER
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
run_path pre-installation
echo "Starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "Retrying install..."
try=$((try+1))
sleep 10s
done
if [ "$try" -gt "$max_retries" ]; then
echo "Installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "Setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
done
fi
run_path post-installation
else
echo "Please run the web-based installer on first connect!"
fi
fi
# Upgrade
else
run_path pre-upgrade
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
run_path post-upgrade
fi
echo "Initializing finished"
fi
# Update htaccess after init if requested
if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ maintenance:update:htaccess'
fi
) 9> /var/www/html/nextcloud-init-sync.lock
run_path before-starting
fi
exec "$@"

17
27/apache/config/redis.config.php
View file

@ -1,17 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array(
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => (string) getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

30
27/apache/config/reverse-proxy.config.php
View file

@ -1,30 +0,0 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteCliUrl = getenv('OVERWRITECLIURL');
if ($overwriteCliUrl) {
$CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

41
27/apache/config/s3.config.php
View file

@ -1,41 +0,0 @@
<?php
if (getenv('OBJECTSTORE_S3_BUCKET')) {
$use_ssl = getenv('OBJECTSTORE_S3_SSL');
$use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
$use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
$autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
$CONFIG = array(
'objectstore' => array(
'class' => '\OC\Files\ObjectStore\S3',
'arguments' => array(
'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
// required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
)
)
);
if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
$CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_KEY')) {
$CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
} else {
$CONFIG['objectstore']['arguments']['key'] = '';
}
if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
$CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SECRET')) {
$CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
} else {
$CONFIG['objectstore']['arguments']['secret'] = '';
}
}

22
27/apache/config/smtp.config.php
View file

@ -1,22 +0,0 @@
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
} else {
$CONFIG['mail_smtppassword'] = '';
}
}

4
27/apache/cron.sh
View file

@ -1,4 +0,0 @@
#!/bin/sh
set -eu
exec busybox crond -f -l 0 -L /dev/stdout

279
27/apache/entrypoint.sh
View file

@ -1,279 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p "$user" -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
# Execute all executable files in a given directory in alphanumeric order
run_path() {
local hook_folder_path="/docker-entrypoint-hooks.d/$1"
local return_code=0
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
if [ -z "$(ls -A "${hook_folder_path}")" ]; then
echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do"
return 0
fi
(
for script_file_path in "${hook_folder_path}/"*.sh; do
if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then
echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag"
continue
fi
echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
run_as "${script_file_path}" || return_code="$?"
if [ "${return_code}" -ne "0" ]; then
echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
exit 1
fi
echo "==> Finished the script: \"${script_file_path}\""
done
)
}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
if [ -n "${varValue}" ]; then
export "$var"="${varValue}"
elif [ -n "${fileVarValue}" ]; then
export "$var"="$(cat "${fileVarValue}")"
elif [ -n "${def}" ]; then
export "$var"="$def"
fi
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
uid="$(id -u)"
gid="$(id -g)"
if [ "$uid" = '0' ]; then
case "$1" in
apache2*)
user="${APACHE_RUN_USER:-www-data}"
group="${APACHE_RUN_GROUP:-www-data}"
# strip off any '#' symbol ('#1000' is valid syntax for Apache)
user="${user#'#'}"
group="${group#'#'}"
;;
*) # php-fpm
user='www-data'
group='www-data'
;;
esac
else
user="$uid"
group="$gid"
fi
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
file_env REDIS_HOST_PASSWORD
echo 'session.save_handler = redis'
# check if redis host is an unix socket path
if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"unix://${REDIS_HOST}\""
fi
# check if redis password has been set
elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
fi
echo "redis.session.locking_enabled = 1"
echo "redis.session.lock_retries = -1"
# redis.session.lock_wait_time is specified in microseconds.
# Wait 10ms before retrying the lock rather than the default 2ms.
echo "redis.session.lock_wait_time = 10000"
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
# If another process is syncing the html folder, wait for
# it to be done, then escape initalization.
(
if ! flock -n 9; then
# If we couldn't get it immediately, show a message, then wait for real
echo "Another process is initializing Nextcloud. Waiting..."
flock 9
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
exit 1
fi
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown $user:$group"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
# Install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
file_env MYSQL_DATABASE
file_env MYSQL_PASSWORD
file_env MYSQL_USER
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
run_path pre-installation
echo "Starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "Retrying install..."
try=$((try+1))
sleep 10s
done
if [ "$try" -gt "$max_retries" ]; then
echo "Installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "Setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
done
fi
run_path post-installation
else
echo "Please run the web-based installer on first connect!"
fi
fi
# Upgrade
else
run_path pre-upgrade
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
run_path post-upgrade
fi
echo "Initializing finished"
fi
# Update htaccess after init if requested
if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ maintenance:update:htaccess'
fi
) 9> /var/www/html/nextcloud-init-sync.lock
run_path before-starting
fi
exec "$@"

17
27/fpm-alpine/config/redis.config.php
View file

@ -1,17 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array(
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => (string) getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

30
27/fpm-alpine/config/reverse-proxy.config.php
View file

@ -1,30 +0,0 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteCliUrl = getenv('OVERWRITECLIURL');
if ($overwriteCliUrl) {
$CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

41
27/fpm-alpine/config/s3.config.php
View file

@ -1,41 +0,0 @@
<?php
if (getenv('OBJECTSTORE_S3_BUCKET')) {
$use_ssl = getenv('OBJECTSTORE_S3_SSL');
$use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
$use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
$autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
$CONFIG = array(
'objectstore' => array(
'class' => '\OC\Files\ObjectStore\S3',
'arguments' => array(
'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
// required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
)
)
);
if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
$CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_KEY')) {
$CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
} else {
$CONFIG['objectstore']['arguments']['key'] = '';
}
if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
$CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SECRET')) {
$CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
} else {
$CONFIG['objectstore']['arguments']['secret'] = '';
}
}

22
27/fpm-alpine/config/smtp.config.php
View file

@ -1,22 +0,0 @@
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
} else {
$CONFIG['mail_smtppassword'] = '';
}
}

4
27/fpm-alpine/cron.sh
View file

@ -1,4 +0,0 @@
#!/bin/sh
set -eu
exec busybox crond -f -l 0 -L /dev/stdout

279
27/fpm-alpine/entrypoint.sh
View file

@ -1,279 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p "$user" -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
# Execute all executable files in a given directory in alphanumeric order
run_path() {
local hook_folder_path="/docker-entrypoint-hooks.d/$1"
local return_code=0
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
if [ -z "$(ls -A "${hook_folder_path}")" ]; then
echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do"
return 0
fi
(
for script_file_path in "${hook_folder_path}/"*.sh; do
if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then
echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag"
continue
fi
echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
run_as "${script_file_path}" || return_code="$?"
if [ "${return_code}" -ne "0" ]; then
echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
exit 1
fi
echo "==> Finished the script: \"${script_file_path}\""
done
)
}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
if [ -n "${varValue}" ]; then
export "$var"="${varValue}"
elif [ -n "${fileVarValue}" ]; then
export "$var"="$(cat "${fileVarValue}")"
elif [ -n "${def}" ]; then
export "$var"="$def"
fi
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
uid="$(id -u)"
gid="$(id -g)"
if [ "$uid" = '0' ]; then
case "$1" in
apache2*)
user="${APACHE_RUN_USER:-www-data}"
group="${APACHE_RUN_GROUP:-www-data}"
# strip off any '#' symbol ('#1000' is valid syntax for Apache)
user="${user#'#'}"
group="${group#'#'}"
;;
*) # php-fpm
user='www-data'
group='www-data'
;;
esac
else
user="$uid"
group="$gid"
fi
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
file_env REDIS_HOST_PASSWORD
echo 'session.save_handler = redis'
# check if redis host is an unix socket path
if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"unix://${REDIS_HOST}\""
fi
# check if redis password has been set
elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
fi
echo "redis.session.locking_enabled = 1"
echo "redis.session.lock_retries = -1"
# redis.session.lock_wait_time is specified in microseconds.
# Wait 10ms before retrying the lock rather than the default 2ms.
echo "redis.session.lock_wait_time = 10000"
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
# If another process is syncing the html folder, wait for
# it to be done, then escape initalization.
(
if ! flock -n 9; then
# If we couldn't get it immediately, show a message, then wait for real
echo "Another process is initializing Nextcloud. Waiting..."
flock 9
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
exit 1
fi
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown $user:$group"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
# Install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
file_env MYSQL_DATABASE
file_env MYSQL_PASSWORD
file_env MYSQL_USER
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
run_path pre-installation
echo "Starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "Retrying install..."
try=$((try+1))
sleep 10s
done
if [ "$try" -gt "$max_retries" ]; then
echo "Installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "Setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
done
fi
run_path post-installation
else
echo "Please run the web-based installer on first connect!"
fi
fi
# Upgrade
else
run_path pre-upgrade
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
run_path post-upgrade
fi
echo "Initializing finished"
fi
# Update htaccess after init if requested
if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ maintenance:update:htaccess'
fi
) 9> /var/www/html/nextcloud-init-sync.lock
run_path before-starting
fi
exec "$@"

17
27/fpm/config/redis.config.php
View file

@ -1,17 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array(
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => (string) getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

30
27/fpm/config/reverse-proxy.config.php
View file

@ -1,30 +0,0 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteCliUrl = getenv('OVERWRITECLIURL');
if ($overwriteCliUrl) {
$CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

41
27/fpm/config/s3.config.php
View file

@ -1,41 +0,0 @@
<?php
if (getenv('OBJECTSTORE_S3_BUCKET')) {
$use_ssl = getenv('OBJECTSTORE_S3_SSL');
$use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
$use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
$autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
$CONFIG = array(
'objectstore' => array(
'class' => '\OC\Files\ObjectStore\S3',
'arguments' => array(
'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
// required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
)
)
);
if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
$CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_KEY')) {
$CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
} else {
$CONFIG['objectstore']['arguments']['key'] = '';
}
if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
$CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SECRET')) {
$CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
} else {
$CONFIG['objectstore']['arguments']['secret'] = '';
}
}

22
27/fpm/config/smtp.config.php
View file

@ -1,22 +0,0 @@
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
} else {
$CONFIG['mail_smtppassword'] = '';
}
}

4
27/fpm/cron.sh
View file

@ -1,4 +0,0 @@
#!/bin/sh
set -eu
exec busybox crond -f -l 0 -L /dev/stdout

279
27/fpm/entrypoint.sh
View file

@ -1,279 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p "$user" -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
# Execute all executable files in a given directory in alphanumeric order
run_path() {
local hook_folder_path="/docker-entrypoint-hooks.d/$1"
local return_code=0
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
if [ -z "$(ls -A "${hook_folder_path}")" ]; then
echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do"
return 0
fi
(
for script_file_path in "${hook_folder_path}/"*.sh; do
if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then
echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag"
continue
fi
echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
run_as "${script_file_path}" || return_code="$?"
if [ "${return_code}" -ne "0" ]; then
echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
exit 1
fi
echo "==> Finished the script: \"${script_file_path}\""
done
)
}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
if [ -n "${varValue}" ]; then
export "$var"="${varValue}"
elif [ -n "${fileVarValue}" ]; then
export "$var"="$(cat "${fileVarValue}")"
elif [ -n "${def}" ]; then
export "$var"="$def"
fi
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
uid="$(id -u)"
gid="$(id -g)"
if [ "$uid" = '0' ]; then
case "$1" in
apache2*)
user="${APACHE_RUN_USER:-www-data}"
group="${APACHE_RUN_GROUP:-www-data}"
# strip off any '#' symbol ('#1000' is valid syntax for Apache)
user="${user#'#'}"
group="${group#'#'}"
;;
*) # php-fpm
user='www-data'
group='www-data'
;;
esac
else
user="$uid"
group="$gid"
fi
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
file_env REDIS_HOST_PASSWORD
echo 'session.save_handler = redis'
# check if redis host is an unix socket path
if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"unix://${REDIS_HOST}\""
fi
# check if redis password has been set
elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
fi
echo "redis.session.locking_enabled = 1"
echo "redis.session.lock_retries = -1"
# redis.session.lock_wait_time is specified in microseconds.
# Wait 10ms before retrying the lock rather than the default 2ms.
echo "redis.session.lock_wait_time = 10000"
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
# If another process is syncing the html folder, wait for
# it to be done, then escape initalization.
(
if ! flock -n 9; then
# If we couldn't get it immediately, show a message, then wait for real
echo "Another process is initializing Nextcloud. Waiting..."
flock 9
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
exit 1
fi
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown $user:$group"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
# Install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
file_env MYSQL_DATABASE
file_env MYSQL_PASSWORD
file_env MYSQL_USER
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
run_path pre-installation
echo "Starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "Retrying install..."
try=$((try+1))
sleep 10s
done
if [ "$try" -gt "$max_retries" ]; then
echo "Installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "Setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
done
fi
run_path post-installation
else
echo "Please run the web-based installer on first connect!"
fi
fi
# Upgrade
else
run_path pre-upgrade
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
run_path post-upgrade
fi
echo "Initializing finished"
fi
# Update htaccess after init if requested
if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
run_as 'php /var/www/html/occ maintenance:update:htaccess'
fi
) 9> /var/www/html/nextcloud-init-sync.lock
run_path before-starting
fi
exec "$@"

14
26/apache/Dockerfile → 28/apache/Dockerfile
View file

@ -45,11 +45,13 @@ RUN set -ex; \
; \ ; \
\ \
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
docker-php-ext-configure ftp --with-openssl-dir=/usr; \
docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install -j "$(nproc)" \
bcmath \ bcmath \
exif \ exif \
ftp \
gd \ gd \
gmp \ gmp \
intl \ intl \
@ -63,10 +65,10 @@ RUN set -ex; \
; \ ; \
\ \
# pecl will claim success even if one install fails, so we need to perform each install separately # pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.22; \ pecl install APCu-5.1.24; \
pecl install imagick-3.7.0; \ pecl install imagick-3.7.0; \
pecl install memcached-3.2.0; \ pecl install memcached-3.3.0; \
pecl install redis-6.0.2; \ pecl install redis-6.1.0; \
\ \
docker-php-ext-enable \ docker-php-ext-enable \
apcu \ apcu \
@ -138,7 +140,7 @@ RUN { \
} > /etc/apache2/conf-available/apache-limits.conf; \ } > /etc/apache2/conf-available/apache-limits.conf; \
a2enconf apache-limits a2enconf apache-limits
ENV NEXTCLOUD_VERSION 26.0.7 ENV NEXTCLOUD_VERSION 28.0.14
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \ fetchDeps=" \
@ -148,8 +150,8 @@ RUN set -ex; \
apt-get update; \ apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \ apt-get install -y --no-install-recommends $fetchDeps; \
\ \
curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.7.tar.bz2"; \ curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.14.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.7.tar.bz2.asc"; \ curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.14.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \ export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc # gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

0
25/apache/config/apache-pretty-urls.config.php → 28/apache/config/apache-pretty-urls.config.php
View file

0
25/apache/config/apcu.config.php → 28/apache/config/apcu.config.php
View file

0
25/apache/config/apps.config.php → 28/apache/config/apps.config.php
View file

0
25/apache/config/autoconfig.php → 28/apache/config/autoconfig.php
View file

2
25/apache/config/redis.config.php → 28/apache/config/redis.config.php
View file

@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
'memcache.locking' => '\OC\Memcache\Redis', 'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array( 'redis' => array(
'host' => getenv('REDIS_HOST'), 'host' => getenv('REDIS_HOST'),
'password' => (string) getenv('REDIS_HOST_PASSWORD'), 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
), ),
); );

5
25/apache/config/reverse-proxy.config.php → 28/apache/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

15
25/apache/config/s3.config.php → 28/apache/config/s3.config.php
View file

@ -12,9 +12,10 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, 'autocreate' => strtolower($autocreate) !== 'false',
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, 'use_ssl' => strtolower($use_ssl) !== 'false',
// required for some non Amazon S3 implementations // required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions // required for older protocol versions
@ -23,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
) )
); );
if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
$CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_KEY')) { } elseif (getenv('OBJECTSTORE_S3_KEY')) {
$CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -31,11 +32,17 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
$CONFIG['objectstore']['arguments']['key'] = ''; $CONFIG['objectstore']['arguments']['key'] = '';
} }
if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
$CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SECRET')) { } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
$CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
} else { } else {
$CONFIG['objectstore']['arguments']['secret'] = ''; $CONFIG['objectstore']['arguments']['secret'] = '';
} }
if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
$CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
$CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
}
} }

4
25/fpm-alpine/config/smtp.config.php → 28/apache/config/smtp.config.php
View file

@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'), 'mail_domain' => getenv('MAIL_DOMAIN'),
); );
if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { if (getenv('SMTP_PASSWORD_FILE')) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) { } elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');

0
25/apache/config/swift.config.php → 28/apache/config/swift.config.php
View file

4
28/apache/config/upgrade-disable-web.config.php Normal file
View file

@ -0,0 +1,4 @@
<?php
$CONFIG = array (
'upgrade.disable-web' => true,
);

4
28/apache/cron.sh Executable file
View file

@ -0,0 +1,4 @@
#!/bin/sh
set -eu
exec busybox crond -f -L /dev/stdout

36
25/apache/entrypoint.sh → 28/apache/entrypoint.sh
View file

@ -24,17 +24,17 @@ run_path() {
local hook_folder_path="/docker-entrypoint-hooks.d/$1" local hook_folder_path="/docker-entrypoint-hooks.d/$1"
local return_code=0 local return_code=0
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" if ! [ -d "${hook_folder_path}" ]; then
echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
if [ -z "$(ls -A "${hook_folder_path}")" ]; then
echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do"
return 0 return 0
fi fi
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
( (
for script_file_path in "${hook_folder_path}/"*.sh; do find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then if ! [ -x "${script_file_path}" ]; then
echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
continue continue
fi fi
@ -186,6 +186,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER file_env NEXTCLOUD_ADMIN_USER
install=false
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -201,7 +202,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
file_env POSTGRES_PASSWORD file_env POSTGRES_PASSWORD
file_env POSTGRES_USER file_env POSTGRES_USER
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database" echo "Installing with SQLite database"
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -225,7 +225,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
echo "Starting nextcloud installation" echo "Starting nextcloud installation"
max_retries=10 max_retries=10
try=0 try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] until [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options"
do do
echo "Retrying install..." echo "Retrying install..."
try=$((try+1)) try=$((try+1))
@ -246,10 +246,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
fi fi
run_path post-installation run_path post-installation
else
echo "Please run the web-based installer on first connect!"
fi fi
fi fi
# not enough specified to do a fully automated installation
if [ "$install" = false ]; then
echo "Next step: Access your instance to finish the web-based installation!"
echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
fi
# Upgrade # Upgrade
else else
run_path pre-upgrade run_path pre-upgrade
@ -273,6 +276,17 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
fi fi
) 9> /var/www/html/nextcloud-init-sync.lock ) 9> /var/www/html/nextcloud-init-sync.lock
# warn if config files on persistent storage differ from the latest version of this image
for cfgPath in /usr/src/nextcloud/config/*.php; do
cfgFile=$(basename "$cfgPath")
if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
fi
fi
done
run_path before-starting run_path before-starting
fi fi

0
25/apache/upgrade.exclude → 28/apache/upgrade.exclude
View file

23
27/fpm-alpine/Dockerfile → 28/fpm-alpine/Dockerfile
View file

@ -1,11 +1,18 @@
# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
FROM php:8.2-fpm-alpine3.18 FROM php:8.2-fpm-alpine3.21
# entrypoint.sh and cron.sh dependencies # entrypoint.sh and cron.sh dependencies
RUN set -ex; \ RUN set -ex; \
\ \
apk add --no-cache \ apk add --no-cache \
imagemagick \ imagemagick \
imagemagick-pdf \
imagemagick-jpeg \
imagemagick-raw \
imagemagick-tiff \
imagemagick-heic \
imagemagick-webp \
imagemagick-svg \
rsync \ rsync \
; \ ; \
\ \
@ -36,11 +43,13 @@ RUN set -ex; \
postgresql-dev \ postgresql-dev \
; \ ; \
\ \
docker-php-ext-configure ftp --with-openssl-dir=/usr; \
docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
docker-php-ext-configure ldap; \ docker-php-ext-configure ldap; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install -j "$(nproc)" \
bcmath \ bcmath \
exif \ exif \
ftp \
gd \ gd \
gmp \ gmp \
intl \ intl \
@ -54,10 +63,10 @@ RUN set -ex; \
; \ ; \
\ \
# pecl will claim success even if one install fails, so we need to perform each install separately # pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.22; \ pecl install APCu-5.1.24; \
pecl install imagick-3.7.0; \ pecl install imagick-3.7.0; \
pecl install memcached-3.2.0; \ pecl install memcached-3.3.0; \
pecl install redis-6.0.2; \ pecl install redis-6.1.0; \
\ \
docker-php-ext-enable \ docker-php-ext-enable \
apcu \ apcu \
@ -111,7 +120,7 @@ RUN { \
VOLUME /var/www/html VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 27.1.2 ENV NEXTCLOUD_VERSION 28.0.14
RUN set -ex; \ RUN set -ex; \
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
@ -119,8 +128,8 @@ RUN set -ex; \
gnupg \ gnupg \
; \ ; \
\ \
curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.2.tar.bz2"; \ curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.14.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.2.tar.bz2.asc"; \ curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.14.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \ export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc # gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

0
25/fpm-alpine/config/apcu.config.php → 28/fpm-alpine/config/apcu.config.php
View file

0
25/fpm-alpine/config/apps.config.php → 28/fpm-alpine/config/apps.config.php
View file

0
25/fpm-alpine/config/autoconfig.php → 28/fpm-alpine/config/autoconfig.php
View file

2
25/fpm-alpine/config/redis.config.php → 28/fpm-alpine/config/redis.config.php
View file

@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
'memcache.locking' => '\OC\Memcache\Redis', 'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array( 'redis' => array(
'host' => getenv('REDIS_HOST'), 'host' => getenv('REDIS_HOST'),
'password' => (string) getenv('REDIS_HOST_PASSWORD'), 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
), ),
); );

5
25/fpm-alpine/config/reverse-proxy.config.php → 28/fpm-alpine/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

15
25/fpm-alpine/config/s3.config.php → 28/fpm-alpine/config/s3.config.php
View file

@ -12,9 +12,10 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, 'autocreate' => strtolower($autocreate) !== 'false',
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, 'use_ssl' => strtolower($use_ssl) !== 'false',
// required for some non Amazon S3 implementations // required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions // required for older protocol versions
@ -23,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
) )
); );
if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
$CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_KEY')) { } elseif (getenv('OBJECTSTORE_S3_KEY')) {
$CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -31,11 +32,17 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
$CONFIG['objectstore']['arguments']['key'] = ''; $CONFIG['objectstore']['arguments']['key'] = '';
} }
if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
$CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SECRET')) { } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
$CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
} else { } else {
$CONFIG['objectstore']['arguments']['secret'] = ''; $CONFIG['objectstore']['arguments']['secret'] = '';
} }
if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
$CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
$CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
}
} }

4
25/fpm/config/smtp.config.php → 28/fpm-alpine/config/smtp.config.php
View file

@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'), 'mail_domain' => getenv('MAIL_DOMAIN'),
); );
if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { if (getenv('SMTP_PASSWORD_FILE')) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) { } elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');

0
25/fpm-alpine/config/swift.config.php → 28/fpm-alpine/config/swift.config.php
View file

4
28/fpm-alpine/config/upgrade-disable-web.config.php Normal file
View file

@ -0,0 +1,4 @@
<?php
$CONFIG = array (
'upgrade.disable-web' => true,
);

4
28/fpm-alpine/cron.sh Executable file
View file

@ -0,0 +1,4 @@
#!/bin/sh
set -eu
exec busybox crond -f -L /dev/stdout

36
25/fpm-alpine/entrypoint.sh → 28/fpm-alpine/entrypoint.sh
View file

@ -24,17 +24,17 @@ run_path() {
local hook_folder_path="/docker-entrypoint-hooks.d/$1" local hook_folder_path="/docker-entrypoint-hooks.d/$1"
local return_code=0 local return_code=0
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" if ! [ -d "${hook_folder_path}" ]; then
echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
if [ -z "$(ls -A "${hook_folder_path}")" ]; then
echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do"
return 0 return 0
fi fi
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
( (
for script_file_path in "${hook_folder_path}/"*.sh; do find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then if ! [ -x "${script_file_path}" ]; then
echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
continue continue
fi fi
@ -186,6 +186,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER file_env NEXTCLOUD_ADMIN_USER
install=false
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -201,7 +202,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
file_env POSTGRES_PASSWORD file_env POSTGRES_PASSWORD
file_env POSTGRES_USER file_env POSTGRES_USER
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database" echo "Installing with SQLite database"
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -225,7 +225,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
echo "Starting nextcloud installation" echo "Starting nextcloud installation"
max_retries=10 max_retries=10
try=0 try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] until [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options"
do do
echo "Retrying install..." echo "Retrying install..."
try=$((try+1)) try=$((try+1))
@ -246,10 +246,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
fi fi
run_path post-installation run_path post-installation
else
echo "Please run the web-based installer on first connect!"
fi fi
fi fi
# not enough specified to do a fully automated installation
if [ "$install" = false ]; then
echo "Next step: Access your instance to finish the web-based installation!"
echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
fi
# Upgrade # Upgrade
else else
run_path pre-upgrade run_path pre-upgrade
@ -273,6 +276,17 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
fi fi
) 9> /var/www/html/nextcloud-init-sync.lock ) 9> /var/www/html/nextcloud-init-sync.lock
# warn if config files on persistent storage differ from the latest version of this image
for cfgPath in /usr/src/nextcloud/config/*.php; do
cfgFile=$(basename "$cfgPath")
if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
fi
fi
done
run_path before-starting run_path before-starting
fi fi

0
25/fpm-alpine/upgrade.exclude → 28/fpm-alpine/upgrade.exclude
View file

14
26/fpm/Dockerfile → 28/fpm/Dockerfile
View file

@ -45,11 +45,13 @@ RUN set -ex; \
; \ ; \
\ \
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
docker-php-ext-configure ftp --with-openssl-dir=/usr; \
docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install -j "$(nproc)" \
bcmath \ bcmath \
exif \ exif \
ftp \
gd \ gd \
gmp \ gmp \
intl \ intl \
@ -63,10 +65,10 @@ RUN set -ex; \
; \ ; \
\ \
# pecl will claim success even if one install fails, so we need to perform each install separately # pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.22; \ pecl install APCu-5.1.24; \
pecl install imagick-3.7.0; \ pecl install imagick-3.7.0; \
pecl install memcached-3.2.0; \ pecl install memcached-3.3.0; \
pecl install redis-6.0.2; \ pecl install redis-6.1.0; \
\ \
docker-php-ext-enable \ docker-php-ext-enable \
apcu \ apcu \
@ -123,7 +125,7 @@ RUN { \
VOLUME /var/www/html VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 26.0.7 ENV NEXTCLOUD_VERSION 28.0.14
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \ fetchDeps=" \
@ -133,8 +135,8 @@ RUN set -ex; \
apt-get update; \ apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \ apt-get install -y --no-install-recommends $fetchDeps; \
\ \
curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.7.tar.bz2"; \ curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.14.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.7.tar.bz2.asc"; \ curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.14.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \ export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc # gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

0
25/fpm/config/apcu.config.php → 28/fpm/config/apcu.config.php
View file

0
25/fpm/config/apps.config.php → 28/fpm/config/apps.config.php
View file

0
25/fpm/config/autoconfig.php → 28/fpm/config/autoconfig.php
View file

2
25/fpm/config/redis.config.php → 28/fpm/config/redis.config.php
View file

@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
'memcache.locking' => '\OC\Memcache\Redis', 'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array( 'redis' => array(
'host' => getenv('REDIS_HOST'), 'host' => getenv('REDIS_HOST'),
'password' => (string) getenv('REDIS_HOST_PASSWORD'), 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
), ),
); );

5
25/fpm/config/reverse-proxy.config.php → 28/fpm/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

15
25/fpm/config/s3.config.php → 28/fpm/config/s3.config.php
View file

@ -12,9 +12,10 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, 'autocreate' => strtolower($autocreate) !== 'false',
'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, 'use_ssl' => strtolower($use_ssl) !== 'false',
// required for some non Amazon S3 implementations // required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions // required for older protocol versions
@ -23,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
) )
); );
if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
$CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_KEY')) { } elseif (getenv('OBJECTSTORE_S3_KEY')) {
$CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@ -31,11 +32,17 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
$CONFIG['objectstore']['arguments']['key'] = ''; $CONFIG['objectstore']['arguments']['key'] = '';
} }
if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
$CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SECRET')) { } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
$CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
} else { } else {
$CONFIG['objectstore']['arguments']['secret'] = ''; $CONFIG['objectstore']['arguments']['secret'] = '';
} }
if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
$CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
$CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
}
} }

4
25/apache/config/smtp.config.php → 28/fpm/config/smtp.config.php
View file

@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'), 'mail_domain' => getenv('MAIL_DOMAIN'),
); );
if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { if (getenv('SMTP_PASSWORD_FILE')) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) { } elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');

0
25/fpm/config/swift.config.php → 28/fpm/config/swift.config.php
View file

4
28/fpm/config/upgrade-disable-web.config.php Normal file
View file

@ -0,0 +1,4 @@
<?php
$CONFIG = array (
'upgrade.disable-web' => true,
);

4
28/fpm/cron.sh Executable file
View file

@ -0,0 +1,4 @@
#!/bin/sh
set -eu
exec busybox crond -f -L /dev/stdout

36
25/fpm/entrypoint.sh → 28/fpm/entrypoint.sh
View file

@ -24,17 +24,17 @@ run_path() {
local hook_folder_path="/docker-entrypoint-hooks.d/$1" local hook_folder_path="/docker-entrypoint-hooks.d/$1"
local return_code=0 local return_code=0
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" if ! [ -d "${hook_folder_path}" ]; then
echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
if [ -z "$(ls -A "${hook_folder_path}")" ]; then
echo "==> but the hook folder \"$(basename "${hook_folder_path}")\" is empty, so nothing to do"
return 0 return 0
fi fi
echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
( (
for script_file_path in "${hook_folder_path}/"*.sh; do find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
if ! [ -x "${script_file_path}" ] && [ -f "${script_file_path}" ]; then if ! [ -x "${script_file_path}" ]; then
echo "==> The script \"${script_file_path}\" in the folder \"${hook_folder_path}\" was skipping, because it didn't have the executable flag" echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
continue continue
fi fi
@ -186,6 +186,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER file_env NEXTCLOUD_ADMIN_USER
install=false
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -201,7 +202,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
file_env POSTGRES_PASSWORD file_env POSTGRES_PASSWORD
file_env POSTGRES_USER file_env POSTGRES_USER
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database" echo "Installing with SQLite database"
# shellcheck disable=SC2016 # shellcheck disable=SC2016
@ -225,7 +225,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
echo "Starting nextcloud installation" echo "Starting nextcloud installation"
max_retries=10 max_retries=10
try=0 try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] until [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options"
do do
echo "Retrying install..." echo "Retrying install..."
try=$((try+1)) try=$((try+1))
@ -246,10 +246,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
fi fi
run_path post-installation run_path post-installation
else
echo "Please run the web-based installer on first connect!"
fi fi
fi fi
# not enough specified to do a fully automated installation
if [ "$install" = false ]; then
echo "Next step: Access your instance to finish the web-based installation!"
echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
fi
# Upgrade # Upgrade
else else
run_path pre-upgrade run_path pre-upgrade
@ -273,6 +276,17 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
fi fi
) 9> /var/www/html/nextcloud-init-sync.lock ) 9> /var/www/html/nextcloud-init-sync.lock
# warn if config files on persistent storage differ from the latest version of this image
for cfgPath in /usr/src/nextcloud/config/*.php; do
cfgFile=$(basename "$cfgPath")
if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
fi
fi
done
run_path before-starting run_path before-starting
fi fi

0
25/fpm/upgrade.exclude → 28/fpm/upgrade.exclude
View file

17
25/apache/Dockerfile → 29/apache/Dockerfile
View file

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:8.1-apache-bullseye FROM php:8.2-apache-bookworm
# entrypoint.sh and cron.sh dependencies # entrypoint.sh and cron.sh dependencies
RUN set -ex; \ RUN set -ex; \
@ -45,11 +45,13 @@ RUN set -ex; \
; \ ; \
\ \
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
docker-php-ext-configure ftp --with-openssl-dir=/usr; \
docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install -j "$(nproc)" \
bcmath \ bcmath \
exif \ exif \
ftp \
gd \ gd \
gmp \ gmp \
intl \ intl \
@ -58,14 +60,15 @@ RUN set -ex; \
pcntl \ pcntl \
pdo_mysql \ pdo_mysql \
pdo_pgsql \ pdo_pgsql \
sysvsem \
zip \ zip \
; \ ; \
\ \
# pecl will claim success even if one install fails, so we need to perform each install separately # pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.22; \ pecl install APCu-5.1.24; \
pecl install imagick-3.7.0; \ pecl install imagick-3.7.0; \
pecl install memcached-3.2.0; \ pecl install memcached-3.3.0; \
pecl install redis-6.0.2; \ pecl install redis-6.1.0; \
\ \
docker-php-ext-enable \ docker-php-ext-enable \
apcu \ apcu \
@ -137,7 +140,7 @@ RUN { \
} > /etc/apache2/conf-available/apache-limits.conf; \ } > /etc/apache2/conf-available/apache-limits.conf; \
a2enconf apache-limits a2enconf apache-limits
ENV NEXTCLOUD_VERSION 25.0.12 ENV NEXTCLOUD_VERSION 29.0.10
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \ fetchDeps=" \
@ -147,8 +150,8 @@ RUN set -ex; \
apt-get update; \ apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \ apt-get install -y --no-install-recommends $fetchDeps; \
\ \
curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-25.0.12.tar.bz2"; \ curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.10.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-25.0.12.tar.bz2.asc"; \ curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.10.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \ export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc # gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

0
26/apache/config/apache-pretty-urls.config.php → 29/apache/config/apache-pretty-urls.config.php
View file

0
26/apache/config/apcu.config.php → 29/apache/config/apcu.config.php
View file

Some files were not shown because too many files have changed in this diff Show more