From f4429bb0ffca70fa6d59cdd5ef342d19b374239d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20M=C3=A9lotte?= Date: Tue, 26 Sep 2023 11:38:07 +0200 Subject: [PATCH 1/2] README.md: clarify that _HOST variables cannot be files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The auto configuration sections seems to imply that POSTGRES_HOST and MYSQL_HOST can be file variables, while this is not supported. If all variables are set as files including the host, the installation will not be done automatically. This can be hard to figure out, as during the first start of the container nothing indicates why the auto configuration is not done. To try to make it a bit clearer in the README, explicitly mention that using a file for the hosts variable is not supported. Furthermore, in the docker secrets section it's currently easy to misread the fact that the last variable mentioned (the host) is not using '_FILE'. Since it's anyway not part of the group of variables that support secrets, remove it from the list to avoid confusion. Signed-off-by: Raphaël Mélotte --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a4592d70..2909c726 100644 --- a/README.md +++ b/README.md @@ -124,7 +124,7 @@ __PostgreSQL__: - `POSTGRES_PASSWORD` Password for the database user using postgres. - `POSTGRES_HOST` Hostname of the database server using postgres. -As an alternative to passing sensitive information via environment variables, `_FILE` may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. See [Docker secrets](#docker-secrets) section below. +As an alternative to passing sensitive information via environment variables, `_FILE` may be appended to the previously listed environment variables (except for `POSTGRES_HOST` and `MYSQL_HOST`, which cannot be loaded from files), , causing the initialization script to load the values for those variables from files present in the container. See [Docker secrets](#docker-secrets) section below. If you set any group of values (i.e. all of `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_HOST`), they will not be asked in the install page on first run. With a complete configuration by using all variables for your database type, you can additionally configure your Nextcloud instance by setting admin user and password (only works if you set both): @@ -424,7 +424,7 @@ secrets: Currently, this is only supported for `NEXTCLOUD_ADMIN_PASSWORD`, `NEXTCLOUD_ADMIN_USER`, `MYSQL_DATABASE`, `MYSQL_PASSWORD`, `MYSQL_USER`, `POSTGRES_DB`, `POSTGRES_PASSWORD`, `POSTGRES_USER`, `REDIS_HOST_PASSWORD`, `SMTP_PASSWORD`, `OBJECTSTORE_S3_KEY`, and `OBJECTSTORE_S3_SECRET`. -If you set any group of values (i.e. all of `MYSQL_DATABASE_FILE`, `MYSQL_USER_FILE`, `MYSQL_PASSWORD_FILE`, `MYSQL_HOST`), the script will not use the corresponding group of environment variables (`MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_HOST`). +If you set any group of values (i.e. all of `MYSQL_DATABASE_FILE`, `MYSQL_USER_FILE`, `MYSQL_PASSWORD_FILE`), the script will not use the corresponding group of environment variables (`MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`). # Make your Nextcloud available from the internet Until here, your Nextcloud is just available from your docker host. If you want your Nextcloud available from the internet adding SSL encryption is mandatory. From 70358187fdfd4a50535cef1f36a2e4450db2d731 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20M=C3=A9lotte?= Date: Tue, 26 Sep 2023 13:23:50 +0200 Subject: [PATCH 2/2] docker-entrypoint.sh: exit if DB host not set MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since all DB variables but the host can be set using secrets (by appending '_FILE' to the variable name), it can be easy for a user to mis-configure their DB host variable by storing them in MYSQL_HOST_FILE or POSTGRESQL_HOST_FILE (which is not supported). When that happens, the auto configuration is skipped. Such a situation is a bit cumbersome to figure out as nothing indicates why the auto configuration is skipped. To make to make it obvious to the user, exit early if DB variables have been set (using secrets or not), but the host has not been set (for example, because it was set in MYSQL_HOST_FILE). Signed-off-by: Raphaël Mélotte --- docker-entrypoint.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 4c85f6ad..93787303 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -207,12 +207,20 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # shellcheck disable=SC2016 install_options=$install_options' --database-name "$SQLITE_DATABASE"' install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then + elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ]; then + if [ -z "${MYSQL_HOST}" ] ; then + echo "MySQL credentials set but no MySQL host set. Please make sure \$MYSQL_HOST is set." + exit 1 + fi echo "Installing with MySQL database" # shellcheck disable=SC2016 install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then + elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ]; then + if [ -z "${POSTGRES_HOST}" ] ; then + echo "PostgreSQL credentials set but no PostgreSQL host set. Please make sure \$POSTGRES_HOST is set." + exit 1 + fi echo "Installing with PostgreSQL database" # shellcheck disable=SC2016 install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'