aaron/nextcloud-docker
0
0
Fork 0
mirror of https://github.com/nextcloud/docker.git synced 2025-04-19 18:36:09 +02:00
Code Activity

Merge remote-tracking branch 'upstream/master'

Browse source
This commit is contained in:
Arne Tarara 2024-10-08 23:34:27 +00:00
commit bcc82c6e4b
19 changed files with 71 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

2
.examples/docker-compose/insecure/mariadb/apache/compose.yaml
View file

@ -1,6 +1,6 @@
services: services:
db: db:
image: mariadb:10.6 image: mariadb:10.11
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
restart: always restart: always
volumes: volumes:

2
.examples/docker-compose/insecure/mariadb/fpm/compose.yaml
View file

@ -1,6 +1,6 @@
services: services:
db: db:
image: mariadb:10.6 image: mariadb:10.11
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
restart: always restart: always
volumes: volumes:

5
.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
View file

@ -14,6 +14,7 @@ http {
default_type application/octet-stream; default_type application/octet-stream;
types { types {
text/javascript mjs; text/javascript mjs;
application/wasm wasm;
} }
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
@ -143,7 +144,7 @@ http {
# to the URI, resulting in a HTTP 500 error response. # to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) { location ~ \.php(?:$|/) {
# Required for legacy support # Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
@ -166,7 +167,7 @@ http {
} }
# Serve static files # Serve static files
location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Cache-Control "public, max-age=15778463$asset_immutable";
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;

5
.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
View file

@ -14,6 +14,7 @@ http {
default_type application/octet-stream; default_type application/octet-stream;
types { types {
text/javascript mjs; text/javascript mjs;
application/wasm wasm;
} }
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
@ -143,7 +144,7 @@ http {
# to the URI, resulting in a HTTP 500 error response. # to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) { location ~ \.php(?:$|/) {
# Required for legacy support # Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
@ -166,7 +167,7 @@ http {
} }
# Serve static files # Serve static files
location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Cache-Control "public, max-age=15778463$asset_immutable";
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;

2
.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml
View file

@ -1,6 +1,6 @@
services: services:
db: db:
image: mariadb:10.6 image: mariadb:10.11
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
restart: always restart: always
volumes: volumes:

2
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml
View file

@ -1,6 +1,6 @@
services: services:
db: db:
image: mariadb:10.6 image: mariadb:10.11
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
restart: always restart: always
volumes: volumes:

5
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
View file

@ -14,6 +14,7 @@ http {
default_type application/octet-stream; default_type application/octet-stream;
types { types {
text/javascript mjs; text/javascript mjs;
application/wasm wasm;
} }
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
@ -143,7 +144,7 @@ http {
# to the URI, resulting in a HTTP 500 error response. # to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) { location ~ \.php(?:$|/) {
# Required for legacy support # Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
@ -166,7 +167,7 @@ http {
} }
# Serve static files # Serve static files
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Cache-Control "public, max-age=15778463$asset_immutable";
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;

5
.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
View file

@ -14,6 +14,7 @@ http {
default_type application/octet-stream; default_type application/octet-stream;
types { types {
text/javascript mjs; text/javascript mjs;
application/wasm wasm;
} }
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
@ -143,7 +144,7 @@ http {
# to the URI, resulting in a HTTP 500 error response. # to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) { location ~ \.php(?:$|/) {
# Required for legacy support # Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
@ -166,7 +167,7 @@ http {
} }
# Serve static files # Serve static files
location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Cache-Control "public, max-age=15778463$asset_immutable";
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;

5
28/apache/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

5
28/fpm-alpine/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

5
28/fpm/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

5
29/apache/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

5
29/fpm-alpine/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

5
29/fpm/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

5
30/apache/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

5
30/fpm-alpine/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

5
30/fpm/config/reverse-proxy.config.php
View file

@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) { if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} }
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}

9
README.md
View file

@ -68,7 +68,7 @@ Database:
```console ```console
$ docker run -d \ $ docker run -d \
-v db:/var/lib/mysql \ -v db:/var/lib/mysql \
mariadb:10.6 mariadb:10.11
``` ```
### Additional volumes ### Additional volumes
@ -261,7 +261,7 @@ To use the hooks triggered by the `entrypoint` script, either
``` ```
## Using the apache image behind a reverse proxy and auto configure server host and protocol ## Using the image behind a reverse proxy and auto configure server host and protocol
The apache image will replace the remote addr (IP address visible to Nextcloud) with the IP address from `X-Real-IP` if the request is coming from a proxy in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client IP (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, then disable rewrite IP and add the reverse proxy's IP address to `TRUSTED_PROXIES`. The apache image will replace the remote addr (IP address visible to Nextcloud) with the IP address from `X-Real-IP` if the request is coming from a proxy in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client IP (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, then disable rewrite IP and add the reverse proxy's IP address to `TRUSTED_PROXIES`.
@ -276,6 +276,7 @@ If the `TRUSTED_PROXIES` approach does not work for you, try using fixed values
- `OVERWRITECLIURL` (empty by default): Set the cli url of the proxy (e.g. https://mydnsname.example.com) - `OVERWRITECLIURL` (empty by default): Set the cli url of the proxy (e.g. https://mydnsname.example.com)
- `OVERWRITEWEBROOT` (empty by default): Set the absolute path of the proxy. - `OVERWRITEWEBROOT` (empty by default): Set the absolute path of the proxy.
- `OVERWRITECONDADDR` (empty by default): Regex to overwrite the values dependent on the remote address. - `OVERWRITECONDADDR` (empty by default): Regex to overwrite the values dependent on the remote address.
- `FORWARDED_FOR_HEADERS` (empty by default): HTTP headers with the original client IP address
Check the [Nexcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html) for more details. Check the [Nexcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html) for more details.
@ -294,7 +295,7 @@ Make sure to pass in values for `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` varia
```yaml ```yaml
services: services:
db: db:
image: mariadb:10.6 image: mariadb:10.11
restart: always restart: always
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
volumes: volumes:
@ -342,7 +343,7 @@ Make sure to pass in values for `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` varia
```yaml ```yaml
services: services:
db: db:
image: mariadb:10.6 image: mariadb:10.11
restart: always restart: always
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
volumes: volumes: