Added support for docker secrets for NEXTCLOUD_ADMIN_PASSWORD, MYSQL_PASSWORD and POSTGRES_PASSWORD
Signed-off-by: Julian Aßmann <assmannjulian@outlook.de>
parent
22dcc8e844
commit
eef1d97596
14 changed files with 502 additions and 0 deletions
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
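Review bot: The exclusivity error in `env_secret_expand` interpolates `$env` and `$secretFilepath`, so when both forms are set the secret's value itself is written to stderr and ends up in the container log. Name the variables instead: `echo >&2 "error: both $envVar and $fileVar are set (but are exclusive)"`. The same function body is repeated in each of the other entrypoint sections on this page, so the change applies to all of them.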
|
||||
|
|
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
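Review bot: `export "$envVar"="$val"` runs unconditionally, so after the three new `env_secret_expand` calls `NEXTCLOUD_ADMIN_PASSWORD`, `MYSQL_PASSWORD` and `POSTGRES_PASSWORD` are always set, possibly to an empty string. The guard that follows in the second hunk tests `${NEXTCLOUD_ADMIN_PASSWORD+x}`, which only checks that the variable is set, so whenever `NEXTCLOUD_ADMIN_USER` is set it now passes with no password configured and the install options carry an empty `--admin-pass`. Export only when a value was found, `if [ -n "$val" ]; then export "$envVar"="$val"; fi`. Any later `+x` checks on the database passwords lie outside the hunk and are presumably affected the same way.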
|
||||
|
|
|
@ -11,6 +11,36 @@ directory_empty() {
|
|||
[ -z "$(ls -A "$1/")" ]
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
run_as() {
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
su -p www-data -s /bin/sh -c "$1"
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
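Review bot: A `_FILE` variable that points at a missing or unreadable path is silently ignored in `env_secret_expand`: the `[ -f "$secretFilepath" ]` test fails, `val` keeps the default and the script carries on without the secret. A credential lookup should fail closed here, for example with a check placed before the `if`: `[ -z "$secretFilepath" ] || [ -r "$secretFilepath" ] || { echo >&2 "error: $fileVar is set but the file is not readable"; exit 1; }`. That way a mistyped secret name or a secret that was not mounted is reported at start-up instead of surfacing as an install with an empty password.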
|
||||
|
|
|
@ -11,6 +11,36 @@ directory_empty() {
|
|||
[ -z "$(ls -A "$1/")" ]
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
run_as() {
|
||||
if [ "$(id -u)" = 0 ]; then
|
||||
su -p www-data -s /bin/sh -c "$1"
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
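Review bot: The usage example above `env_secret_expand` passes `'XYZ_DB_PASSWORD_FILE'`, but the function appends `_FILE` to its argument itself (`fileVar="${envVar}_FILE"`), so that call would look up `XYZ_DB_PASSWORD_FILE_FILE`. The example should read `# example: env_secret_expand 'XYZ_DB_PASSWORD' 'password'`, matching the calls added in the second hunk. The comment would also be more useful if it stated that the script exits when both the variable and its `_FILE` form are set.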
|
||||
|
|
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
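Review bot: `eval env=\$"$envVar"` expands the named variable without a default, so if the entrypoint runs under `set -u` (the top of the script is outside the hunk) the call aborts whenever the variable or its `_FILE` counterpart is unset, which is the normal case for at least one of the two database passwords. Giving both lookups an empty default avoids that: `eval "env=\${$envVar:-}"` and `eval "secretFilepath=\${$fileVar:-}"`. Because the argument reaches `eval`, it should stay a literal variable name as in the three calls here and never be derived from external input.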
|
||||
|
|
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
|
||||
|
|
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
|
||||
|
|
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
|
||||
|
|
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
|
||||
|
|
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
|
||||
|
|
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
|
||||
|
|
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
|
||||
|
|
60
README.md
60
README.md
|
@ -158,6 +158,66 @@ To use an external SMTP server, you have to provide the connection details. To c
|
|||
|
||||
Check the [Nextcloud documentation](https://docs.nextcloud.com/server/15/admin_manual/configuration_server/email_configuration.html) for other values to configure SMTP.
|
||||
|
||||
## Docker secrets
|
||||
As an alternative to passing sensitive information via environment variables, _FILE may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in /run/secrets/<secret_name> files. For example:
|
||||
|
||||
```yaml
|
||||
version '3'
|
||||
services:
|
||||
db:
|
||||
image: postgres
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=nextcloud
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
|
||||
secrets:
|
||||
- postgres_password
|
||||
app:
|
||||
image: nextcloud
|
||||
restart: always
|
||||
ports:
|
||||
- 8080:80
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
environment:
|
||||
- POSTGRES_HOST=db
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=nextcloud
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
|
||||
- NEXTCLOUD_ADMIN_USER=superuser
|
||||
- NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
|
||||
depends_on:
|
||||
- db
|
||||
secrets:
|
||||
- postgres_password
|
||||
- admin_password
|
||||
cron:
|
||||
image: nextcloud
|
||||
restart: always
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
entrypoint: /cron.sh
|
||||
depends_on:
|
||||
- db
|
||||
volumes:
|
||||
db:
|
||||
nextcloud:
|
||||
|
||||
secrets:
|
||||
postgres_password:
|
||||
# file: ./postgres_password.txt # put postgresql password to this file (only for local testing)
|
||||
external: true
|
||||
admin_password:
|
||||
# file: ./admin_password.txt # put admin password to this file (only for local testing)
|
||||
external: true # For use in prodcution, create secret via the docker secret create command
|
||||
|
||||
```
|
||||
|
||||
Currently, this is supported for NEXTCLOUD_ADMIN_PASSWORD, MYSQL_PASSWORD and POSTGRES_PASSWORD.
|
||||
|
||||
# Running this image with docker-compose
|
||||
The easiest way to get a fully featured and functional setup is using a `docker-compose` file. There are too many different possibilities to setup your system, so here are only some examples of what you have to look for.
|
||||
|
||||
|
|
|
@ -19,6 +19,36 @@ run_as() {
|
|||
fi
|
||||
}
|
||||
|
||||
# usage: env_secret_expand VAR [DEFAULT]
|
||||
# example: env_secret_expand 'XYZ_DB_PASSWORD_FILE' 'password'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
env_secret_expand() {
|
||||
envVar="$1"
|
||||
fileVar="${envVar}_FILE"
|
||||
|
||||
eval env=\$"$envVar" # Contains the value of the environment variable
|
||||
eval secretFilepath=\$"$fileVar" # Contains the filepath to the secret with the value
|
||||
|
||||
if [ -n "$env" ] && [ -n "$secretFilepath" ]; then
|
||||
echo >&2 "error: both $env and $secretFilepath are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
val=$2 # Set to default
|
||||
|
||||
if [ -n "$secretFilepath" ] && [ -f "$secretFilepath" ]; then
|
||||
val=$(cat "${secretFilepath}")
|
||||
elif [ -n "$env" ]; then
|
||||
val="$env"
|
||||
fi
|
||||
|
||||
export "$envVar"="$val"
|
||||
|
||||
unset fileVar
|
||||
unset env
|
||||
unset secretFilepath
|
||||
}
|
||||
|
||||
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
|
||||
if [ -n "${REDIS_HOST+x}" ]; then
|
||||
|
||||
|
@ -72,6 +102,10 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
|
|||
if [ "$installed_version" = "0.0.0.0" ]; then
|
||||
echo "New nextcloud instance"
|
||||
|
||||
env_secret_expand NEXTCLOUD_ADMIN_PASSWORD
|
||||
env_secret_expand MYSQL_PASSWORD
|
||||
env_secret_expand POSTGRES_PASSWORD
|
||||
|
||||
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
|
||||
# shellcheck disable=SC2016
|
||||
install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
|
||||
|
|