aaron/nextcloud-docker
0
0
Fork 0
mirror of https://github.com/nextcloud/docker.git synced 2025-06-16 16:14:47 +02:00
Code Activity

Merge branch 'master' into master

Browse source
This commit is contained in:
kgw4it 2020-08-24 10:27:20 +02:00 committed by GitHub
commit b47af968a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
284 changed files with 7267 additions and 2098 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.config/autoconfig.php
View file

@ -23,9 +23,5 @@ if (getenv('SQLITE_DATABASE')) {
} }
if ($autoconfig_enabled) { if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
} }

9
.config/redis.config.php
View file

@ -5,8 +5,13 @@ if (getenv('REDIS_HOST')) {
'memcache.locking' => '\OC\Memcache\Redis', 'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array( 'redis' => array(
'host' => getenv('REDIS_HOST'), 'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379, 'password' => getenv('REDIS_HOST_PASSWORD'),
), ),
); );
}
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

25
.config/reverse-proxy.config.php Normal file
View file

@ -0,0 +1,25 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

2
.examples/README.md
View file

@ -50,7 +50,7 @@ The required steps for each optional/recommended package that is not already in
`apt install ffmpeg` `apt install ffmpeg`
#### imagemagick SVG support #### imagemagick SVG support
`apt install libmagickcore-6.q16-3-extra` `apt install libmagickcore-6.q16-6-extra`
#### LibreOffice #### LibreOffice
`apt install libreoffice` `apt install libreoffice`

76
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf
View file

@ -36,21 +36,25 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -62,14 +66,18 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
# set max upload size # set max upload size
@ -89,68 +97,72 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php$request_uri; rewrite ^ /index.php;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all; deny all;
} }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^/(?:updater|ocs-provider)(?:$|/) { location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js and css files # Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif)$ { location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

76
.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
View file

@ -36,21 +36,25 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -62,14 +66,18 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
# set max upload size # set max upload size
@ -89,68 +97,72 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php$request_uri; rewrite ^ /index.php;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all; deny all;
} }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^/(?:updater|ocs-provider)(?:$|/) { location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js and css files # Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif)$ { location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

3
.examples/docker-compose/insecure/postgres/apache/db.env
View file

@ -1,2 +1,3 @@
POSTGRES_PASSWORD= POSTGRES_PASSWORD=
POSTGRES_USER=postgres POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud

1
.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
View file

@ -18,7 +18,6 @@ services:
- nextcloud:/var/www/html - nextcloud:/var/www/html
environment: environment:
- POSTGRES_HOST=db - POSTGRES_HOST=db
- POSTGRES_DB=nextcloud
env_file: env_file:
- db.env - db.env
depends_on: depends_on:

3
.examples/docker-compose/insecure/postgres/fpm/db.env
View file

@ -1,2 +1,3 @@
POSTGRES_PASSWORD= POSTGRES_PASSWORD=
POSTGRES_USER=postgres POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud

1
.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
View file

@ -16,7 +16,6 @@ services:
- nextcloud:/var/www/html - nextcloud:/var/www/html
environment: environment:
- POSTGRES_HOST=db - POSTGRES_HOST=db
- POSTGRES_DB=nextcloud
env_file: env_file:
- db.env - db.env
depends_on: depends_on:

76
.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
View file

@ -36,21 +36,25 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -62,14 +66,18 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
# set max upload size # set max upload size
@ -89,68 +97,72 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php$request_uri; rewrite ^ /index.php;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all; deny all;
} }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^/(?:updater|ocs-provider)(?:$|/) { location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js and css files # Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif)$ { location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

76
.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf
View file

@ -41,21 +41,25 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -67,14 +71,18 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
# set max upload size # set max upload size
@ -94,68 +102,72 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php$request_uri; rewrite ^ /index.php;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all; deny all;
} }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^/(?:updater|ocs-provider)(?:$|/) { location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js and css files # Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif)$ { location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

76
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf
View file

@ -41,21 +41,25 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -67,14 +71,18 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
# set max upload size # set max upload size
@ -94,68 +102,72 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php$request_uri; rewrite ^ /index.php;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all; deny all;
} }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^/(?:updater|ocs-provider)(?:$|/) { location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js and css files # Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif)$ { location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

76
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
View file

@ -41,21 +41,25 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -67,14 +71,18 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
# set max upload size # set max upload size
@ -94,68 +102,72 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php$request_uri; rewrite ^ /index.php;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all; deny all;
} }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^/(?:updater|ocs-provider)(?:$|/) { location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js and css files # Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif)$ { location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

3
.examples/docker-compose/with-nginx-proxy/postgres/apache/db.env
View file

@ -1,2 +1,3 @@
POSTGRES_PASSWORD= POSTGRES_PASSWORD=
POSTGRES_USER=postgres POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud

1
.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
View file

@ -19,7 +19,6 @@ services:
- LETSENCRYPT_HOST= - LETSENCRYPT_HOST=
- LETSENCRYPT_EMAIL= - LETSENCRYPT_EMAIL=
- POSTGRES_HOST=db - POSTGRES_HOST=db
- POSTGRES_DB=nextcloud
env_file: env_file:
- db.env - db.env
depends_on: depends_on:

3
.examples/docker-compose/with-nginx-proxy/postgres/fpm/db.env
View file

@ -1,2 +1,3 @@
POSTGRES_PASSWORD= POSTGRES_PASSWORD=
POSTGRES_USER=postgres POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud

1
.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
View file

@ -16,7 +16,6 @@ services:
- nextcloud:/var/www/html - nextcloud:/var/www/html
environment: environment:
- POSTGRES_HOST=db - POSTGRES_HOST=db
- POSTGRES_DB=nextcloud
env_file: env_file:
- db.env - db.env
depends_on: depends_on:

76
.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
View file

@ -41,21 +41,25 @@ http {
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html; root /var/www/html;
location = /robots.txt { location = /robots.txt {
@ -67,14 +71,18 @@ http {
# The following 2 rules are only needed for the user_webfinger app. # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app. # Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav; return 301 $scheme://$host:$server_port/remote.php/dav;
} }
# set max upload size # set max upload size
@ -94,68 +102,72 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php$request_uri; rewrite ^ /index.php;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all; deny all;
} }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^/(?:updater|ocs-provider)(?:$|/) { location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
# Adding the cache control header for js and css files # Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block # Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif)$ { location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to # Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above) # have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into # Before enabling Strict-Transport-Security headers please read into
# this topic first. # this topic first.
# add_header Strict-Transport-Security "max-age=15768000; #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# includeSubDomains; preload;";
# #
# WARNING: Only add the preload option once you read about # WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy no-referrer; add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets # Optional: Don't log access to other assets
access_log off; access_log off;
} }
} }
} }

4
.examples/dockerfiles/cron/apache/Dockerfile
View file

@ -5,8 +5,8 @@ RUN apt-get update && apt-get install -y \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& mkdir /var/log/supervisord /var/run/supervisord && mkdir /var/log/supervisord /var/run/supervisord
COPY supervisord.conf /etc/supervisor/supervisord.conf COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1 ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

4
.examples/dockerfiles/cron/fpm-alpine/Dockerfile
View file

@ -3,8 +3,8 @@ FROM nextcloud:fpm-alpine
RUN apk add --no-cache supervisor \ RUN apk add --no-cache supervisor \
&& mkdir /var/log/supervisord /var/run/supervisord && mkdir /var/log/supervisord /var/run/supervisord
COPY supervisord.conf /etc/supervisor/supervisord.conf COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1 ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

4
.examples/dockerfiles/cron/fpm/Dockerfile
View file

@ -5,8 +5,8 @@ RUN apt-get update && apt-get install -y \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& mkdir /var/log/supervisord /var/run/supervisord && mkdir /var/log/supervisord /var/run/supervisord
COPY supervisord.conf /etc/supervisor/supervisord.conf COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1 ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

12
.examples/dockerfiles/full/apache/Dockerfile
View file

@ -5,7 +5,8 @@ RUN set -ex; \
apt-get update; \ apt-get update; \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
ffmpeg \ ffmpeg \
libmagickcore-6.q16-3-extra \ libmagickcore-6.q16-6-extra \
procps \
smbclient \ smbclient \
supervisor \ supervisor \
# libreoffice \ # libreoffice \
@ -20,16 +21,13 @@ RUN set -ex; \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
libbz2-dev \ libbz2-dev \
libc-client-dev \ libc-client-dev \
libgmp3-dev \
libkrb5-dev \ libkrb5-dev \
libsmbclient-dev \ libsmbclient-dev \
; \ ; \
\ \
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h; \
docker-php-ext-install \ docker-php-ext-install \
bz2 \ bz2 \
gmp \
imap \ imap \
; \ ; \
pecl install smbclient; \ pecl install smbclient; \
@ -55,9 +53,7 @@ RUN mkdir -p \
/var/run/supervisord \ /var/run/supervisord \
; ;
COPY supervisord.conf /etc/supervisor/supervisord.conf COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1 ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
CMD ["/usr/bin/supervisord"]

9
.examples/dockerfiles/full/fpm-alpine/Dockerfile
View file

@ -5,6 +5,7 @@ RUN set -ex; \
apk add --no-cache \ apk add --no-cache \
ffmpeg \ ffmpeg \
imagemagick \ imagemagick \
procps \
samba-client \ samba-client \
supervisor \ supervisor \
# libreoffice \ # libreoffice \
@ -16,16 +17,14 @@ RUN set -ex; \
$PHPIZE_DEPS \ $PHPIZE_DEPS \
imap-dev \ imap-dev \
krb5-dev \ krb5-dev \
libressl-dev \ openssl-dev \
samba-dev \ samba-dev \
bzip2-dev \ bzip2-dev \
gmp-dev \
; \ ; \
\ \
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install \ docker-php-ext-install \
bz2 \ bz2 \
gmp \
imap \ imap \
; \ ; \
pecl install smbclient; \ pecl install smbclient; \
@ -45,8 +44,8 @@ RUN mkdir -p \
/var/run/supervisord \ /var/run/supervisord \
; ;
COPY supervisord.conf /etc/supervisor/supervisord.conf COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1 ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

10
.examples/dockerfiles/full/fpm/Dockerfile
View file

@ -5,7 +5,8 @@ RUN set -ex; \
apt-get update; \ apt-get update; \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
ffmpeg \ ffmpeg \
libmagickcore-6.q16-3-extra \ libmagickcore-6.q16-6-extra \
procps \
smbclient \ smbclient \
supervisor \ supervisor \
# libreoffice \ # libreoffice \
@ -20,16 +21,13 @@ RUN set -ex; \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
libbz2-dev \ libbz2-dev \
libc-client-dev \ libc-client-dev \
libgmp3-dev \
libkrb5-dev \ libkrb5-dev \
libsmbclient-dev \ libsmbclient-dev \
; \ ; \
\ \
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h; \
docker-php-ext-install \ docker-php-ext-install \
bz2 \ bz2 \
gmp \
imap \ imap \
; \ ; \
pecl install smbclient; \ pecl install smbclient; \
@ -54,8 +52,8 @@ RUN mkdir -p \
/var/run/supervisord \ /var/run/supervisord \
; ;
COPY supervisord.conf /etc/supervisor/supervisord.conf COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1 ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

2
.examples/dockerfiles/imap/fpm-alpine/Dockerfile
View file

@ -6,7 +6,7 @@ RUN set -ex; \
$PHPIZE_DEPS \ $PHPIZE_DEPS \
imap-dev \ imap-dev \
krb5-dev \ krb5-dev \
libressl-dev \ openssl-dev \
; \ ; \
\ \
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \

2
.examples/dockerfiles/smb/apache/Dockerfile
View file

@ -1,3 +1,3 @@
FROM nextcloud:apache FROM nextcloud:apache
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*

2
.examples/dockerfiles/smb/fpm-alpine/Dockerfile
View file

@ -1,3 +1,3 @@
FROM nextcloud:fpm-alpine FROM nextcloud:fpm-alpine
RUN apk add --no-cache samba-client RUN apk add --no-cache procps samba-client

2
.examples/dockerfiles/smb/fpm/Dockerfile
View file

@ -1,3 +1,3 @@
FROM nextcloud:fpm FROM nextcloud:fpm
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*

49
.github/workflows/images.yml vendored Normal file
View file

@ -0,0 +1,49 @@
name: Images
on:
pull_request:
push:
schedule:
- cron: 0 0 * * *
defaults:
run:
shell: 'bash -Eeuo pipefail -x {0}'
jobs:
generate-jobs:
name: Generate Jobs
runs-on: ubuntu-latest
outputs:
strategy: ${{ steps.generate-jobs.outputs.strategy }}
steps:
- uses: actions/checkout@v2
- id: generate-jobs
name: Generate Jobs
run: |
git clone --depth 1 https://github.com/docker-library/bashbrew.git -b master ~/bashbrew
strategy="$(GITHUB_REPOSITORY=nextcloud ~/bashbrew/scripts/github-actions/generate.sh)"
strategy="$(~/bashbrew/scripts/github-actions/munge-i386.sh -c <<<"$strategy")"
jq . <<<"$strategy" # sanity check / debugging aid
echo "::set-output name=strategy::$strategy"
test:
needs: generate-jobs
strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }}
name: ${{ matrix.name }}
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v2
- name: Prepare Environment
run: ${{ matrix.runs.prepare }}
- name: Pull Dependencies
run: ${{ matrix.runs.pull }}
- name: Build ${{ matrix.name }}
run: ${{ matrix.runs.build }}
- name: History ${{ matrix.name }}
run: ${{ matrix.runs.history }}
- name: Test ${{ matrix.name }}
run: ${{ matrix.runs.test }}
- name: '"docker images"'
run: ${{ matrix.runs.images }}

22
.github/workflows/update-sh.yml vendored Normal file
View file

@ -0,0 +1,22 @@
name: update.sh
on:
pull_request:
defaults:
run:
shell: 'bash -Eeuo pipefail -x {0}'
jobs:
check-changes:
name: Check for Changes
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Check for Changes
run: |
hash_before="$(git write-tree)"
./update.sh
git add -A
[[ "$hash_before" = "$(git write-tree)" ]]

87
.travis.yml
View file

@ -1,87 +0,0 @@
language: bash
services: docker
branches:
only:
- master
# preload images to avoid timeouts in tests
before_install:
- docker pull mariadb:10
- docker pull postgres:11-alpine
install:
- git clone https://github.com/docker-library/official-images.git ~/official-images
before_script:
- env | sort
- wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash
- image="nextcloud:${VERSION}${VARIANT:+-$VARIANT}"
- if [[ "$ARCH" == 'i386' ]]; then sed -i -e 's/FROM php/FROM i386\/php/g' "${VERSION}/${VARIANT}/Dockerfile"; fi
script:
- |
(
set -Eeuo pipefail
set -x
travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
travis_retry ~/official-images/test/run.sh "$image"
.travis/test-example-dockerfiles.sh "$image"
)
after_script:
- docker images
jobs:
# https://github.com/docker-library/php/issues/822
allow_failures:
- env: VERSION=15.0 VARIANT=apache ARCH=i386
- env: VERSION=16.0 VARIANT=apache ARCH=i386
- env: VERSION=15.0-rc VARIANT=apache ARCH=i386
- env: VERSION=16.0-rc VARIANT=apache ARCH=i386
include:
- &test-scripts
stage: test scripts
env: SCRIPT=update.sh
services: []
install: skip
before_script: skip
script:
- hash_before=$(git write-tree)
- travis_retry ./update.sh
- bash -c "[[ $hash_before = $(git add -A && git write-tree) ]]"
after_script: skip
- <<: *test-scripts
env: SCRIPT=generate-stackbrew-library.sh
install:
- wget -O "$HOME/bin/bashbrew" https://doi-janky.infosiftr.net/job/bashbrew/lastSuccessfulBuild/artifact/bin/bashbrew-amd64
- chmod +x "$HOME/bin/bashbrew"
script:
- travis_retry ./generate-stackbrew-library.sh
- stage: test images
env: VERSION=14.0-rc VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=14.0-rc VARIANT=fpm-alpine ARCH=i386
- env: VERSION=14.0-rc VARIANT=fpm ARCH=amd64
- env: VERSION=14.0-rc VARIANT=fpm ARCH=i386
- env: VERSION=14.0-rc VARIANT=apache ARCH=amd64
- env: VERSION=14.0-rc VARIANT=apache ARCH=i386
- env: VERSION=14.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=14.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=14.0 VARIANT=fpm ARCH=amd64
- env: VERSION=14.0 VARIANT=fpm ARCH=i386
- env: VERSION=14.0 VARIANT=apache ARCH=amd64
- env: VERSION=14.0 VARIANT=apache ARCH=i386
- env: VERSION=15.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=15.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=15.0 VARIANT=fpm ARCH=amd64
- env: VERSION=15.0 VARIANT=fpm ARCH=i386
- env: VERSION=15.0 VARIANT=apache ARCH=amd64
- env: VERSION=15.0 VARIANT=apache ARCH=i386
- env: VERSION=16.0 VARIANT=fpm-alpine ARCH=amd64
- env: VERSION=16.0 VARIANT=fpm-alpine ARCH=i386
- env: VERSION=16.0 VARIANT=fpm ARCH=amd64
- env: VERSION=16.0 VARIANT=fpm ARCH=i386
- env: VERSION=16.0 VARIANT=apache ARCH=amd64
- env: VERSION=16.0 VARIANT=apache ARCH=i386

12
14.0-rc/apache/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

12
14.0-rc/fpm-alpine/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

12
14.0-rc/fpm/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

12
14.0/apache/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

31
14.0/fpm-alpine/config/autoconfig.php
View file

@ -1,31 +0,0 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
}

12
14.0/fpm-alpine/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

140
14.0/fpm-alpine/entrypoint.sh
View file

@ -1,140 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
echo "Initializing finished"
#install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
echo "starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "retrying install..."
try=$((try+1))
sleep 3s
done
if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
done
fi
else
echo "running web-based installer on first connect!"
fi
fi
#upgrade
else
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
fi
exec "$@"

31
14.0/fpm/config/autoconfig.php
View file

@ -1,31 +0,0 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
}

12
14.0/fpm/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

140
14.0/fpm/entrypoint.sh
View file

@ -1,140 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
echo "Initializing finished"
#install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
echo "starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "retrying install..."
try=$((try+1))
sleep 3s
done
if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
done
fi
else
echo "running web-based installer on first connect!"
fi
fi
#upgrade
else
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
fi
exec "$@"

31
15.0/apache/config/autoconfig.php
View file

@ -1,31 +0,0 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
}

12
15.0/apache/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

140
15.0/apache/entrypoint.sh
View file

@ -1,140 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
echo "Initializing finished"
#install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
echo "starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "retrying install..."
try=$((try+1))
sleep 3s
done
if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
done
fi
else
echo "running web-based installer on first connect!"
fi
fi
#upgrade
else
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
fi
exec "$@"

31
15.0/fpm-alpine/config/autoconfig.php
View file

@ -1,31 +0,0 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
}

12
15.0/fpm-alpine/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

140
15.0/fpm-alpine/entrypoint.sh
View file

@ -1,140 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
echo "Initializing finished"
#install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
echo "starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "retrying install..."
try=$((try+1))
sleep 3s
done
if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
done
fi
else
echo "running web-based installer on first connect!"
fi
fi
#upgrade
else
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
fi
exec "$@"

31
15.0/fpm/config/autoconfig.php
View file

@ -1,31 +0,0 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
}

12
15.0/fpm/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

140
15.0/fpm/entrypoint.sh
View file

@ -1,140 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
echo "Initializing finished"
#install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
echo "starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "retrying install..."
try=$((try+1))
sleep 3s
done
if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
done
fi
else
echo "running web-based installer on first connect!"
fi
fi
#upgrade
else
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
fi
exec "$@"

31
16.0/apache/config/autoconfig.php
View file

@ -1,31 +0,0 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
}

12
16.0/apache/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

140
16.0/apache/entrypoint.sh
View file

@ -1,140 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
echo "Initializing finished"
#install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
echo "starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "retrying install..."
try=$((try+1))
sleep 3s
done
if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
done
fi
else
echo "running web-based installer on first connect!"
fi
fi
#upgrade
else
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
fi
exec "$@"

31
16.0/fpm-alpine/config/autoconfig.php
View file

@ -1,31 +0,0 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
}

12
16.0/fpm-alpine/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

140
16.0/fpm-alpine/entrypoint.sh
View file

@ -1,140 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
echo "Initializing finished"
#install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
echo "starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "retrying install..."
try=$((try+1))
sleep 3s
done
if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
done
fi
else
echo "running web-based installer on first connect!"
fi
fi
#upgrade
else
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
fi
exec "$@"

31
16.0/fpm/config/autoconfig.php
View file

@ -1,31 +0,0 @@
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG["dbtype"] = "sqlite";
$AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG["dbtype"] = "mysql";
$AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
$AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
$AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG["dbtype"] = "pgsql";
$AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
$AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
$AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
}

12
16.0/fpm/config/redis.config.php
View file

@ -1,12 +0,0 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
),
);
}

140
16.0/fpm/entrypoint.sh
View file

@ -1,140 +0,0 @@
#!/bin/sh
set -eu
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su -p www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler"
{
echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
} > /usr/local/etc/php/conf.d/redis-session.ini
fi
installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
# shellcheck disable=SC2016
installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
if version_greater "$installed_version" "$image_version"; then
echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
if version_greater "$image_version" "$installed_version"; then
echo "Initializing nextcloud $image_version ..."
if [ "$installed_version" != "0.0.0.0" ]; then
echo "Upgrading nextcloud from $installed_version ..."
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
fi
if [ "$(id -u)" = 0 ]; then
rsync_options="-rlDog --chown www-data:root"
else
rsync_options="-rlD"
fi
rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
for dir in config data custom_apps themes; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
fi
done
rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
echo "Initializing finished"
#install
if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance"
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install=true
fi
if [ "$install" = true ]; then
echo "starting nextcloud installation"
max_retries=10
try=0
until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
do
echo "retrying install..."
try=$((try+1))
sleep 3s
done
if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!"
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
done
fi
else
echo "running web-based installer on first connect!"
fi
fi
#upgrade
else
run_as 'php /var/www/html/occ upgrade'
run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
fi
fi
fi
exec "$@"

151
17.0-rc/apache/Dockerfile Normal file
View file

@ -0,0 +1,151 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-apache-buster
# entrypoint.sh and cron.sh dependencies
RUN set -ex; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
rsync \
bzip2 \
busybox-static \
; \
rm -rf /var/lib/apt/lists/*; \
\
mkdir -p /var/spool/cron/crontabs; \
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \
libicu-dev \
libjpeg-dev \
libldap2-dev \
libmcrypt-dev \
libmemcached-dev \
libpng-dev \
libpq-dev \
libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \
\
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \
exif \
gd \
intl \
ldap \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
zip \
gmp \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.18; \
pecl install memcached-3.1.5; \
pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \
\
docker-php-ext-enable \
apcu \
memcached \
redis \
imagick \
; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
# set recommended PHP.ini settings
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \
echo 'opcache.enable=1'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \
echo 'opcache.save_comments=1'; \
echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
VOLUME /var/www/html
RUN a2enmod headers rewrite remoteip ;\
{\
echo RemoteIPHeader X-Real-IP ;\
echo RemoteIPTrustedProxy 10.0.0.0/8 ;\
echo RemoteIPTrustedProxy 172.16.0.0/12 ;\
echo RemoteIPTrustedProxy 192.168.0.0/16 ;\
} > /etc/apache2/conf-available/remoteip.conf;\
a2enconf remoteip
ENV NEXTCLOUD_VERSION 17.0.9RC1
RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \
rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY *.sh upgrade.exclude /
COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"]
CMD ["apache2-foreground"]

0
14.0-rc/apache/config/apache-pretty-urls.config.php → 17.0-rc/apache/config/apache-pretty-urls.config.php
View file

0
14.0-rc/apache/config/apcu.config.php → 17.0-rc/apache/config/apcu.config.php
View file

0
14.0-rc/apache/config/apps.config.php → 17.0-rc/apache/config/apps.config.php
View file

4
14.0-rc/fpm-alpine/config/autoconfig.php → 17.0-rc/apache/config/autoconfig.php
View file

@ -23,9 +23,5 @@ if (getenv('SQLITE_DATABASE')) {
} }
if ($autoconfig_enabled) { if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
} }

17
17.0-rc/apache/config/redis.config.php Normal file
View file

@ -0,0 +1,17 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

25
17.0-rc/apache/config/reverse-proxy.config.php Normal file
View file

@ -0,0 +1,25 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

0
14.0-rc/apache/config/smtp.config.php → 17.0-rc/apache/config/smtp.config.php
View file

0
14.0-rc/apache/cron.sh → 17.0-rc/apache/cron.sh
View file

60
14.0-rc/apache/entrypoint.sh → 17.0-rc/apache/entrypoint.sh
View file

@ -19,13 +19,55 @@ run_as() {
fi fi
} }
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
if [ -n "${varValue}" ]; then
export "$var"="${varValue}"
elif [ -n "${fileVarValue}" ]; then
export "$var"="$(cat "${fileVarValue}")"
elif [ -n "${def}" ]; then
export "$var"="$def"
fi
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler" echo "Configuring Redis as session handler"
{ {
echo 'session.save_handler = redis' echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" # check if redis host is an unix socket path
if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"unix://${REDIS_HOST}\""
fi
# check if redis password has been set
elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
fi
} > /usr/local/etc/php/conf.d/redis-session.ini } > /usr/local/etc/php/conf.d/redis-session.ini
fi fi
@ -67,18 +109,24 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
if [ "$installed_version" = "0.0.0.0" ]; then if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance" echo "New nextcloud instance"
file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi fi
file_env MYSQL_DATABASE
file_env MYSQL_PASSWORD
file_env MYSQL_USER
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
install=false install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database" echo "Installing with SQLite database"
@ -105,7 +153,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
do do
echo "retrying install..." echo "retrying install..."
try=$((try+1)) try=$((try+1))
sleep 3s sleep 10s
done done
if [ "$try" -gt "$max_retries" ]; then if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!" echo "installing of nextcloud failed!"

0
14.0-rc/apache/upgrade.exclude → 17.0-rc/apache/upgrade.exclude
View file

17
14.0-rc/fpm-alpine/Dockerfile → 17.0-rc/fpm-alpine/Dockerfile
View file

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
FROM php:7.2-fpm-alpine3.10 FROM php:7.3-fpm-alpine3.12
# entrypoint.sh and cron.sh dependencies # entrypoint.sh and cron.sh dependencies
RUN set -ex; \ RUN set -ex; \
@ -9,7 +9,7 @@ RUN set -ex; \
; \ ; \
\ \
rm /var/spool/cron/crontabs/root; \ rm /var/spool/cron/crontabs/root; \
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need # install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
@ -26,11 +26,13 @@ RUN set -ex; \
libpng-dev \ libpng-dev \
libmemcached-dev \ libmemcached-dev \
libxml2-dev \ libxml2-dev \
libzip-dev \
openldap-dev \ openldap-dev \
pcre-dev \ pcre-dev \
postgresql-dev \ postgresql-dev \
imagemagick-dev \ imagemagick-dev \
libwebp-dev \ libwebp-dev \
gmp-dev \
; \ ; \
\ \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \ docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
@ -45,11 +47,12 @@ RUN set -ex; \
pdo_mysql \ pdo_mysql \
pdo_pgsql \ pdo_pgsql \
zip \ zip \
gmp \
; \ ; \
\ \
# pecl will claim success even if one install fails, so we need to perform each install separately # pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.17; \ pecl install APCu-5.1.18; \
pecl install memcached-3.1.3; \ pecl install memcached-3.1.5; \
pecl install redis-4.3.0; \ pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \ pecl install imagick-3.4.4; \
\ \
@ -91,7 +94,7 @@ RUN { \
VOLUME /var/www/html VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 14.0.13RC1 ENV NEXTCLOUD_VERSION 17.0.9RC1
RUN set -ex; \ RUN set -ex; \
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
@ -109,8 +112,8 @@ RUN set -ex; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \ gpgconf --kill all; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \ rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \ mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \ chmod +x /usr/src/nextcloud/occ; \

0
14.0-rc/fpm-alpine/config/apcu.config.php → 17.0-rc/fpm-alpine/config/apcu.config.php
View file

0
14.0-rc/fpm-alpine/config/apps.config.php → 17.0-rc/fpm-alpine/config/apps.config.php
View file

4
14.0-rc/fpm/config/autoconfig.php → 17.0-rc/fpm-alpine/config/autoconfig.php
View file

@ -23,9 +23,5 @@ if (getenv('SQLITE_DATABASE')) {
} }
if ($autoconfig_enabled) { if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
} }

17
17.0-rc/fpm-alpine/config/redis.config.php Normal file
View file

@ -0,0 +1,17 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

25
17.0-rc/fpm-alpine/config/reverse-proxy.config.php Normal file
View file

@ -0,0 +1,25 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

0
14.0-rc/fpm-alpine/config/smtp.config.php → 17.0-rc/fpm-alpine/config/smtp.config.php
View file

0
14.0-rc/fpm-alpine/cron.sh → 17.0-rc/fpm-alpine/cron.sh
View file

60
14.0-rc/fpm/entrypoint.sh → 17.0-rc/fpm-alpine/entrypoint.sh
View file

@ -19,13 +19,55 @@ run_as() {
fi fi
} }
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
if [ -n "${varValue}" ]; then
export "$var"="${varValue}"
elif [ -n "${fileVarValue}" ]; then
export "$var"="$(cat "${fileVarValue}")"
elif [ -n "${def}" ]; then
export "$var"="$def"
fi
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler" echo "Configuring Redis as session handler"
{ {
echo 'session.save_handler = redis' echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" # check if redis host is an unix socket path
if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"unix://${REDIS_HOST}\""
fi
# check if redis password has been set
elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
fi
} > /usr/local/etc/php/conf.d/redis-session.ini } > /usr/local/etc/php/conf.d/redis-session.ini
fi fi
@ -67,18 +109,24 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
if [ "$installed_version" = "0.0.0.0" ]; then if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance" echo "New nextcloud instance"
file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi fi
file_env MYSQL_DATABASE
file_env MYSQL_PASSWORD
file_env MYSQL_USER
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
install=false install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database" echo "Installing with SQLite database"
@ -105,7 +153,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
do do
echo "retrying install..." echo "retrying install..."
try=$((try+1)) try=$((try+1))
sleep 3s sleep 10s
done done
if [ "$try" -gt "$max_retries" ]; then if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!" echo "installing of nextcloud failed!"

0
14.0-rc/fpm-alpine/upgrade.exclude → 17.0-rc/fpm-alpine/upgrade.exclude
View file

143
17.0-rc/fpm/Dockerfile Normal file
View file

@ -0,0 +1,143 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-fpm-buster
# entrypoint.sh and cron.sh dependencies
RUN set -ex; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
rsync \
bzip2 \
busybox-static \
; \
rm -rf /var/lib/apt/lists/*; \
\
mkdir -p /var/spool/cron/crontabs; \
echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \
libicu-dev \
libjpeg-dev \
libldap2-dev \
libmcrypt-dev \
libmemcached-dev \
libpng-dev \
libpq-dev \
libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
libgmp-dev \
; \
\
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \
exif \
gd \
intl \
ldap \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
zip \
gmp \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.18; \
pecl install memcached-3.1.5; \
pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \
\
docker-php-ext-enable \
apcu \
memcached \
redis \
imagick \
; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
# set recommended PHP.ini settings
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \
echo 'opcache.enable=1'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \
echo 'opcache.save_comments=1'; \
echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
VOLUME /var/www/html
ENV NEXTCLOUD_VERSION 17.0.9RC1
RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \
rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY *.sh upgrade.exclude /
COPY config/* /usr/src/nextcloud/config/
ENTRYPOINT ["/entrypoint.sh"]
CMD ["php-fpm"]

0
14.0-rc/fpm/config/apcu.config.php → 17.0-rc/fpm/config/apcu.config.php
View file

0
14.0-rc/fpm/config/apps.config.php → 17.0-rc/fpm/config/apps.config.php
View file

4
14.0-rc/apache/config/autoconfig.php → 17.0-rc/fpm/config/autoconfig.php
View file

@ -23,9 +23,5 @@ if (getenv('SQLITE_DATABASE')) {
} }
if ($autoconfig_enabled) { if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
} }

17
17.0-rc/fpm/config/redis.config.php Normal file
View file

@ -0,0 +1,17 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

25
17.0-rc/fpm/config/reverse-proxy.config.php Normal file
View file

@ -0,0 +1,25 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

0
14.0-rc/fpm/config/smtp.config.php → 17.0-rc/fpm/config/smtp.config.php
View file

0
14.0-rc/fpm/cron.sh → 17.0-rc/fpm/cron.sh
View file

60
14.0-rc/fpm-alpine/entrypoint.sh → 17.0-rc/fpm/entrypoint.sh
View file

@ -19,13 +19,55 @@ run_as() {
fi fi
} }
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
if [ -n "${varValue}" ]; then
export "$var"="${varValue}"
elif [ -n "${fileVarValue}" ]; then
export "$var"="$(cat "${fileVarValue}")"
elif [ -n "${def}" ]; then
export "$var"="$def"
fi
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then if [ -n "${REDIS_HOST+x}" ]; then
echo "Configuring Redis as session handler" echo "Configuring Redis as session handler"
{ {
echo 'session.save_handler = redis' echo 'session.save_handler = redis'
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" # check if redis host is an unix socket path
if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"unix://${REDIS_HOST}\""
fi
# check if redis password has been set
elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
else
echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
fi
} > /usr/local/etc/php/conf.d/redis-session.ini } > /usr/local/etc/php/conf.d/redis-session.ini
fi fi
@ -67,18 +109,24 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
if [ "$installed_version" = "0.0.0.0" ]; then if [ "$installed_version" = "0.0.0.0" ]; then
echo "New nextcloud instance" echo "New nextcloud instance"
file_env NEXTCLOUD_ADMIN_PASSWORD
file_env NEXTCLOUD_ADMIN_USER
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
if [ -n "${NEXTCLOUD_TABLE_PREFIX+x}" ]; then
# shellcheck disable=SC2016
install_options=$install_options' --database-table-prefix "$NEXTCLOUD_TABLE_PREFIX"'
fi
if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
# shellcheck disable=SC2016 # shellcheck disable=SC2016
install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
fi fi
file_env MYSQL_DATABASE
file_env MYSQL_PASSWORD
file_env MYSQL_USER
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
install=false install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then if [ -n "${SQLITE_DATABASE+x}" ]; then
echo "Installing with SQLite database" echo "Installing with SQLite database"
@ -105,7 +153,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
do do
echo "retrying install..." echo "retrying install..."
try=$((try+1)) try=$((try+1))
sleep 3s sleep 10s
done done
if [ "$try" -gt "$max_retries" ]; then if [ "$try" -gt "$max_retries" ]; then
echo "installing of nextcloud failed!" echo "installing of nextcloud failed!"

0
14.0-rc/fpm/upgrade.exclude → 17.0-rc/fpm/upgrade.exclude
View file

20
16.0/apache/Dockerfile → 17.0/apache/Dockerfile
View file

@ -1,5 +1,5 @@
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-apache-stretch FROM php:7.3-apache-buster
# entrypoint.sh and cron.sh dependencies # entrypoint.sh and cron.sh dependencies
RUN set -ex; \ RUN set -ex; \
@ -13,7 +13,7 @@ RUN set -ex; \
rm -rf /var/lib/apt/lists/*; \ rm -rf /var/lib/apt/lists/*; \
\ \
mkdir -p /var/spool/cron/crontabs; \ mkdir -p /var/spool/cron/crontabs; \
echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
# install the PHP extensions we need # install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
@ -37,10 +37,13 @@ RUN set -ex; \
libmagickwand-dev \ libmagickwand-dev \
libzip-dev \ libzip-dev \
libwebp-dev \ libwebp-dev \
libgmp-dev \
; \ ; \
\ \
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
if [ ! -e /usr/include/gmp.h ]; then ln -s /usr/include/$debMultiarch/gmp.h /usr/include/gmp.h; fi;\
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \ docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure gmp --with-gmp="/usr/include/$debMultiarch"; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \ docker-php-ext-install -j "$(nproc)" \
exif \ exif \
@ -52,11 +55,12 @@ RUN set -ex; \
pdo_mysql \ pdo_mysql \
pdo_pgsql \ pdo_pgsql \
zip \ zip \
gmp \
; \ ; \
\ \
# pecl will claim success even if one install fails, so we need to perform each install separately # pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.17; \ pecl install APCu-5.1.18; \
pecl install memcached-3.1.3; \ pecl install memcached-3.1.5; \
pecl install redis-4.3.0; \ pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \ pecl install imagick-3.4.4; \
\ \
@ -102,7 +106,7 @@ RUN { \
VOLUME /var/www/html VOLUME /var/www/html
RUN a2enmod rewrite remoteip ;\ RUN a2enmod headers rewrite remoteip ;\
{\ {\
echo RemoteIPHeader X-Real-IP ;\ echo RemoteIPHeader X-Real-IP ;\
echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ echo RemoteIPTrustedProxy 10.0.0.0/8 ;\
@ -111,7 +115,7 @@ RUN a2enmod rewrite remoteip ;\
} > /etc/apache2/conf-available/remoteip.conf;\ } > /etc/apache2/conf-available/remoteip.conf;\
a2enconf remoteip a2enconf remoteip
ENV NEXTCLOUD_VERSION 16.0.2 ENV NEXTCLOUD_VERSION 17.0.8
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \ fetchDeps=" \
@ -131,8 +135,8 @@ RUN set -ex; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
gpgconf --kill all; \ gpgconf --kill all; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf /usr/src/nextcloud/updater; \ rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/data; \
mkdir -p /usr/src/nextcloud/custom_apps; \ mkdir -p /usr/src/nextcloud/custom_apps; \
chmod +x /usr/src/nextcloud/occ; \ chmod +x /usr/src/nextcloud/occ; \

0
14.0/apache/config/apache-pretty-urls.config.php → 17.0/apache/config/apache-pretty-urls.config.php
View file

0
14.0/apache/config/apcu.config.php → 17.0/apache/config/apcu.config.php
View file

0
14.0/apache/config/apps.config.php → 17.0/apache/config/apps.config.php
View file

4
14.0/apache/config/autoconfig.php → 17.0/apache/config/autoconfig.php
View file

@ -23,9 +23,5 @@ if (getenv('SQLITE_DATABASE')) {
} }
if ($autoconfig_enabled) { if ($autoconfig_enabled) {
if (getenv('NEXTCLOUD_TABLE_PREFIX')) {
$AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX');
}
$AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
} }

17
17.0/apache/config/redis.config.php Normal file
View file

@ -0,0 +1,17 @@
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
}

25
17.0/apache/config/reverse-proxy.config.php Normal file
View file

@ -0,0 +1,25 @@
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}

0
14.0/apache/config/smtp.config.php → 17.0/apache/config/smtp.config.php
View file

0
14.0/apache/cron.sh → 17.0/apache/cron.sh
View file

Some files were not shown because too many files have changed in this diff Show more