Compatibility with docker secrets (#560)

* Read passwords from files specified with *_PASSWORD_FILE variables (docker secrets) Fixes #731 Signed-off-by: Boris Gorbylev <ekho@ekho.name> Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de> * Add NEXTCLOUD_ADMIN_USER, POSTGRES_DB, POSTGRES_USER Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de> * Fix Variables Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de> Co-authored-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
2025-05-03 07:30:53 +02:00 · 2020-03-31 17:23:57 +03:00 · 2020-03-31 17:23:57 +03:00 · efe3caebdc
commit efe3caebdc
parent cf3476d71b
11 changed files with 402 additions and 0 deletions
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -19,6 +19,30 @@ run_as() {
    fi
 }

+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+    local var="$1"
+    local fileVar="${var}_FILE"
+    local def="${2:-}"
+    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
+        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+        exit 1
+    fi
+    if [ -n "${varValue}" ]; then
+        export "$var"="${varValue}"
+    elif [ -n "${fileVarValue}" ]; then
+        export "$var"="$(cat "${fileVarValue}")"
+    elif [ -n "${def}" ]; then
+        export "$var"="$def"
+    fi
+    unset "$fileVar"
+}
+
 if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
    if [ -n "${REDIS_HOST+x}" ]; then

@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
        if [ "$installed_version" = "0.0.0.0" ]; then
            echo "New nextcloud instance"

+            file_env NEXTCLOUD_ADMIN_PASSWORD
+            file_env NEXTCLOUD_ADMIN_USER
+
            if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                # shellcheck disable=SC2016
                install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                    install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
                fi

+                file_env MYSQL_DATABASE
+                file_env MYSQL_PASSWORD
+                file_env MYSQL_USER
+                file_env POSTGRES_DB
+                file_env POSTGRES_PASSWORD
+                file_env POSTGRES_USER
+
                install=false
                if [ -n "${SQLITE_DATABASE+x}" ]; then
                    echo "Installing with SQLite database"