From 5d6b615a8e8559cc6d4b3183f9cbcb69023063e0 Mon Sep 17 00:00:00 2001 From: kn0wmad <39687477+kn0wmad@users.noreply.github.com> Date: Thu, 25 May 2023 22:23:01 +0000 Subject: [PATCH 01/13] Update README.md (#1983) Signed-off-by: kn0wmad <39687477+kn0wmad@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 20a9cecf..d0f68c49 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Now you can access Nextcloud at http://localhost:8080/ from your host system. ## Using the fpm image -To use the fpm image, you need an additional web server, such as [nginx](https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html), that can proxy http-request to the fpm-port of the container. For fpm connection this container exposes port 9000. In most cases, you might want use another container or your host as proxy. If you use your host you can address your Nextcloud container directly on port 9000. If you use another container, make sure that you add them to the same docker network (via `docker run --network ...` or a `docker-compose` file). In both cases you don't want to map the fpm port to your host. +To use the fpm image, you need an additional web server, such as [nginx](https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html), that can proxy http-request to the fpm-port of the container. For fpm connection this container exposes port 9000. In most cases, you might want to use another container or your host as proxy. If you use your host you can address your Nextcloud container directly on port 9000. If you use another container, make sure that you add them to the same docker network (via `docker run --network ...` or a `docker-compose` file). In both cases you don't want to map the fpm port to your host. ```console $ docker run -d nextcloud:fpm From 9b84086ab9e8409437c3aa1b8c6ce9db4c2250bb Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Thu, 25 May 2023 22:23:21 +0000 Subject: [PATCH 02/13] Runs update.sh --- 25/apache/Dockerfile | 2 +- 25/fpm-alpine/Dockerfile | 2 +- 25/fpm/Dockerfile | 2 +- 26/apache/Dockerfile | 2 +- 26/fpm-alpine/Dockerfile | 2 +- 26/fpm/Dockerfile | 2 +- latest.txt | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/25/apache/Dockerfile b/25/apache/Dockerfile index 91521f17..45ff8489 100644 --- a/25/apache/Dockerfile +++ b/25/apache/Dockerfile @@ -125,7 +125,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 25.0.6 +ENV NEXTCLOUD_VERSION 25.0.7 RUN set -ex; \ fetchDeps=" \ diff --git a/25/fpm-alpine/Dockerfile b/25/fpm-alpine/Dockerfile index 05dd32a9..d9baf461 100644 --- a/25/fpm-alpine/Dockerfile +++ b/25/fpm-alpine/Dockerfile @@ -105,7 +105,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 25.0.6 +ENV NEXTCLOUD_VERSION 25.0.7 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/25/fpm/Dockerfile b/25/fpm/Dockerfile index e5f121c4..3ba5e4ae 100644 --- a/25/fpm/Dockerfile +++ b/25/fpm/Dockerfile @@ -117,7 +117,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 25.0.6 +ENV NEXTCLOUD_VERSION 25.0.7 RUN set -ex; \ fetchDeps=" \ diff --git a/26/apache/Dockerfile b/26/apache/Dockerfile index ee711ff0..7a79974b 100644 --- a/26/apache/Dockerfile +++ b/26/apache/Dockerfile @@ -126,7 +126,7 @@ RUN a2enmod headers rewrite remoteip ;\ } > /etc/apache2/conf-available/remoteip.conf;\ a2enconf remoteip -ENV NEXTCLOUD_VERSION 26.0.1 +ENV NEXTCLOUD_VERSION 26.0.2 RUN set -ex; \ fetchDeps=" \ diff --git a/26/fpm-alpine/Dockerfile b/26/fpm-alpine/Dockerfile index 39a8028a..0507b90f 100644 --- a/26/fpm-alpine/Dockerfile +++ b/26/fpm-alpine/Dockerfile @@ -106,7 +106,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 26.0.1 +ENV NEXTCLOUD_VERSION 26.0.2 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ diff --git a/26/fpm/Dockerfile b/26/fpm/Dockerfile index d555b277..d4d594f7 100644 --- a/26/fpm/Dockerfile +++ b/26/fpm/Dockerfile @@ -118,7 +118,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 26.0.1 +ENV NEXTCLOUD_VERSION 26.0.2 RUN set -ex; \ fetchDeps=" \ diff --git a/latest.txt b/latest.txt index 72a5c3d3..cbf1d673 100644 --- a/latest.txt +++ b/latest.txt @@ -1 +1 @@ -26.0.1 +26.0.2 From 8394b4967cadad4167fcee903e0e61e8b5299b24 Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 25 May 2023 23:03:53 +0000 Subject: [PATCH 03/13] EOL 24 (#1988) Signed-off-by: J0WI --- 24/apache/Dockerfile | 161 ------------ .../config/apache-pretty-urls.config.php | 4 - 24/apache/config/apcu.config.php | 4 - 24/apache/config/apps.config.php | 15 -- 24/apache/config/autoconfig.php | 41 ---- 24/apache/config/redis.config.php | 17 -- 24/apache/config/reverse-proxy.config.php | 30 --- 24/apache/config/s3.config.php | 41 ---- 24/apache/config/smtp.config.php | 22 -- 24/apache/config/swift.config.php | 31 --- 24/apache/cron.sh | 4 - 24/apache/entrypoint.sh | 232 ------------------ 24/apache/upgrade.exclude | 6 - 24/fpm-alpine/Dockerfile | 137 ----------- 24/fpm-alpine/config/apcu.config.php | 4 - 24/fpm-alpine/config/apps.config.php | 15 -- 24/fpm-alpine/config/autoconfig.php | 41 ---- 24/fpm-alpine/config/redis.config.php | 17 -- 24/fpm-alpine/config/reverse-proxy.config.php | 30 --- 24/fpm-alpine/config/s3.config.php | 41 ---- 24/fpm-alpine/config/smtp.config.php | 22 -- 24/fpm-alpine/config/swift.config.php | 31 --- 24/fpm-alpine/cron.sh | 4 - 24/fpm-alpine/entrypoint.sh | 232 ------------------ 24/fpm-alpine/upgrade.exclude | 6 - 24/fpm/Dockerfile | 153 ------------ 24/fpm/config/apcu.config.php | 4 - 24/fpm/config/apps.config.php | 15 -- 24/fpm/config/autoconfig.php | 41 ---- 24/fpm/config/redis.config.php | 17 -- 24/fpm/config/reverse-proxy.config.php | 30 --- 24/fpm/config/s3.config.php | 41 ---- 24/fpm/config/smtp.config.php | 22 -- 24/fpm/config/swift.config.php | 31 --- 24/fpm/cron.sh | 4 - 24/fpm/entrypoint.sh | 232 ------------------ 24/fpm/upgrade.exclude | 6 - update.sh | 4 +- 38 files changed, 1 insertion(+), 1787 deletions(-) delete mode 100644 24/apache/Dockerfile delete mode 100644 24/apache/config/apache-pretty-urls.config.php delete mode 100644 24/apache/config/apcu.config.php delete mode 100644 24/apache/config/apps.config.php delete mode 100644 24/apache/config/autoconfig.php delete mode 100644 24/apache/config/redis.config.php delete mode 100644 24/apache/config/reverse-proxy.config.php delete mode 100644 24/apache/config/s3.config.php delete mode 100644 24/apache/config/smtp.config.php delete mode 100644 24/apache/config/swift.config.php delete mode 100755 24/apache/cron.sh delete mode 100755 24/apache/entrypoint.sh delete mode 100644 24/apache/upgrade.exclude delete mode 100644 24/fpm-alpine/Dockerfile delete mode 100644 24/fpm-alpine/config/apcu.config.php delete mode 100644 24/fpm-alpine/config/apps.config.php delete mode 100644 24/fpm-alpine/config/autoconfig.php delete mode 100644 24/fpm-alpine/config/redis.config.php delete mode 100644 24/fpm-alpine/config/reverse-proxy.config.php delete mode 100644 24/fpm-alpine/config/s3.config.php delete mode 100644 24/fpm-alpine/config/smtp.config.php delete mode 100644 24/fpm-alpine/config/swift.config.php delete mode 100755 24/fpm-alpine/cron.sh delete mode 100755 24/fpm-alpine/entrypoint.sh delete mode 100644 24/fpm-alpine/upgrade.exclude delete mode 100644 24/fpm/Dockerfile delete mode 100644 24/fpm/config/apcu.config.php delete mode 100644 24/fpm/config/apps.config.php delete mode 100644 24/fpm/config/autoconfig.php delete mode 100644 24/fpm/config/redis.config.php delete mode 100644 24/fpm/config/reverse-proxy.config.php delete mode 100644 24/fpm/config/s3.config.php delete mode 100644 24/fpm/config/smtp.config.php delete mode 100644 24/fpm/config/swift.config.php delete mode 100755 24/fpm/cron.sh delete mode 100755 24/fpm/entrypoint.sh delete mode 100644 24/fpm/upgrade.exclude diff --git a/24/apache/Dockerfile b/24/apache/Dockerfile deleted file mode 100644 index 7603a3fd..00000000 --- a/24/apache/Dockerfile +++ /dev/null @@ -1,161 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:8.0-apache-bullseye - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - busybox-static \ - bzip2 \ - libldap-common \ - libmagickcore-6.q16-6-extra \ - rsync \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libgmp-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmagickwand-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libwebp-dev \ - libxml2-dev \ - libzip-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - gmp \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.22; \ - pecl install imagick-3.7.0; \ - pecl install memcached-3.2.0; \ - pecl install redis-5.3.7; \ - \ - docker-php-ext-enable \ - apcu \ - imagick \ - memcached \ - redis \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=32'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=60'; \ - echo 'opcache.jit=1255'; \ - echo 'opcache.jit_buffer_size=128M'; \ - } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ - \ - echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - -RUN a2enmod headers rewrite remoteip ;\ - {\ - echo RemoteIPHeader X-Real-IP ;\ - echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ - echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ - echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ - } > /etc/apache2/conf-available/remoteip.conf;\ - a2enconf remoteip - -ENV NEXTCLOUD_VERSION 24.0.12 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["apache2-foreground"] diff --git a/24/apache/config/apache-pretty-urls.config.php b/24/apache/config/apache-pretty-urls.config.php deleted file mode 100644 index 72da1d8c..00000000 --- a/24/apache/config/apache-pretty-urls.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '/', -); diff --git a/24/apache/config/apcu.config.php b/24/apache/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/24/apache/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/24/apache/config/apps.config.php b/24/apache/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/24/apache/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/24/apache/config/autoconfig.php b/24/apache/config/autoconfig.php deleted file mode 100644 index 92ad2a1c..00000000 --- a/24/apache/config/autoconfig.php +++ /dev/null @@ -1,41 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/24/apache/config/reverse-proxy.config.php b/24/apache/config/reverse-proxy.config.php deleted file mode 100644 index 7df0415e..00000000 --- a/24/apache/config/reverse-proxy.config.php +++ /dev/null @@ -1,30 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); - - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { - $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); - } else { - $CONFIG['objectstore']['arguments']['key'] = ''; - } - - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { - $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); - } else { - $CONFIG['objectstore']['arguments']['secret'] = ''; - } -} diff --git a/24/apache/config/smtp.config.php b/24/apache/config/smtp.config.php deleted file mode 100644 index 5006fe47..00000000 --- a/24/apache/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/24/apache/config/swift.config.php b/24/apache/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/24/apache/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/24/apache/cron.sh b/24/apache/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/24/apache/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/24/apache/entrypoint.sh b/24/apache/entrypoint.sh deleted file mode 100755 index 37441fd8..00000000 --- a/24/apache/entrypoint.sh +++ /dev/null @@ -1,232 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - uid="$(id -u)" - gid="$(id -g)" - if [ "$uid" = '0' ]; then - case "$1" in - apache2*) - user="${APACHE_RUN_USER:-www-data}" - group="${APACHE_RUN_GROUP:-www-data}" - - # strip off any '#' symbol ('#1000' is valid syntax for Apache) - user="${user#'#'}" - group="${group#'#'}" - ;; - *) # php-fpm - user='www-data' - group='www-data' - ;; - esac - else - user="$uid" - group="$gid" - fi - - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - # If another process is syncing the html folder, wait for - # it to be done, then escape initalization. - ( - if ! flock -n 9; then - # If we couldn't get it immediately, show a message, then wait for real - echo "Another process is initializing Nextcloud. Waiting..." - flock 9 - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown $user:$group" - else - rsync_options="-rlD" - fi - - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - - # Install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "Starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "Retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "Installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "Setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "Please run the web-based installer on first connect!" - fi - fi - # Upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - - echo "Initializing finished" - fi - - # Update htaccess after init if requested - if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' - fi - ) 9> /var/www/html/nextcloud-init-sync.lock -fi - -exec "$@" diff --git a/24/apache/upgrade.exclude b/24/apache/upgrade.exclude deleted file mode 100644 index 31ce39a8..00000000 --- a/24/apache/upgrade.exclude +++ /dev/null @@ -1,6 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php -/nextcloud-init-sync.lock diff --git a/24/fpm-alpine/Dockerfile b/24/fpm-alpine/Dockerfile deleted file mode 100644 index e70eb7fc..00000000 --- a/24/fpm-alpine/Dockerfile +++ /dev/null @@ -1,137 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:8.0-fpm-alpine3.16 - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apk add --no-cache \ - imagemagick \ - rsync \ - ; \ - \ - rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -RUN set -ex; \ - \ - apk add --no-cache --virtual .build-deps \ - $PHPIZE_DEPS \ - autoconf \ - freetype-dev \ - gmp-dev \ - icu-dev \ - imagemagick-dev \ - libevent-dev \ - libjpeg-turbo-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libwebp-dev \ - libxml2-dev \ - libzip-dev \ - openldap-dev \ - pcre-dev \ - postgresql-dev \ - ; \ - \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - gmp \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.22; \ - pecl install imagick-3.7.0; \ - pecl install memcached-3.2.0; \ - pecl install redis-5.3.7; \ - \ - docker-php-ext-enable \ - apcu \ - imagick \ - memcached \ - redis \ - ; \ - rm -r /tmp/pear; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del .build-deps - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=32'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=60'; \ - echo 'opcache.jit=1255'; \ - echo 'opcache.jit_buffer_size=128M'; \ - } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ - \ - echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 24.0.12 - -RUN set -ex; \ - apk add --no-cache --virtual .fetch-deps \ - bzip2 \ - gnupg \ - ; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - apk del .fetch-deps - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/24/fpm-alpine/config/apcu.config.php b/24/fpm-alpine/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/24/fpm-alpine/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/24/fpm-alpine/config/apps.config.php b/24/fpm-alpine/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/24/fpm-alpine/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/24/fpm-alpine/config/autoconfig.php b/24/fpm-alpine/config/autoconfig.php deleted file mode 100644 index 92ad2a1c..00000000 --- a/24/fpm-alpine/config/autoconfig.php +++ /dev/null @@ -1,41 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/24/fpm-alpine/config/reverse-proxy.config.php b/24/fpm-alpine/config/reverse-proxy.config.php deleted file mode 100644 index 7df0415e..00000000 --- a/24/fpm-alpine/config/reverse-proxy.config.php +++ /dev/null @@ -1,30 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); - - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { - $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); - } else { - $CONFIG['objectstore']['arguments']['key'] = ''; - } - - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { - $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); - } else { - $CONFIG['objectstore']['arguments']['secret'] = ''; - } -} diff --git a/24/fpm-alpine/config/smtp.config.php b/24/fpm-alpine/config/smtp.config.php deleted file mode 100644 index 5006fe47..00000000 --- a/24/fpm-alpine/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/24/fpm-alpine/config/swift.config.php b/24/fpm-alpine/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/24/fpm-alpine/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/24/fpm-alpine/cron.sh b/24/fpm-alpine/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/24/fpm-alpine/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/24/fpm-alpine/entrypoint.sh b/24/fpm-alpine/entrypoint.sh deleted file mode 100755 index 37441fd8..00000000 --- a/24/fpm-alpine/entrypoint.sh +++ /dev/null @@ -1,232 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - uid="$(id -u)" - gid="$(id -g)" - if [ "$uid" = '0' ]; then - case "$1" in - apache2*) - user="${APACHE_RUN_USER:-www-data}" - group="${APACHE_RUN_GROUP:-www-data}" - - # strip off any '#' symbol ('#1000' is valid syntax for Apache) - user="${user#'#'}" - group="${group#'#'}" - ;; - *) # php-fpm - user='www-data' - group='www-data' - ;; - esac - else - user="$uid" - group="$gid" - fi - - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - # If another process is syncing the html folder, wait for - # it to be done, then escape initalization. - ( - if ! flock -n 9; then - # If we couldn't get it immediately, show a message, then wait for real - echo "Another process is initializing Nextcloud. Waiting..." - flock 9 - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown $user:$group" - else - rsync_options="-rlD" - fi - - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - - # Install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "Starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "Retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "Installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "Setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "Please run the web-based installer on first connect!" - fi - fi - # Upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - - echo "Initializing finished" - fi - - # Update htaccess after init if requested - if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' - fi - ) 9> /var/www/html/nextcloud-init-sync.lock -fi - -exec "$@" diff --git a/24/fpm-alpine/upgrade.exclude b/24/fpm-alpine/upgrade.exclude deleted file mode 100644 index 31ce39a8..00000000 --- a/24/fpm-alpine/upgrade.exclude +++ /dev/null @@ -1,6 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php -/nextcloud-init-sync.lock diff --git a/24/fpm/Dockerfile b/24/fpm/Dockerfile deleted file mode 100644 index c39fe7af..00000000 --- a/24/fpm/Dockerfile +++ /dev/null @@ -1,153 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:8.0-fpm-bullseye - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - busybox-static \ - bzip2 \ - libldap-common \ - libmagickcore-6.q16-6-extra \ - rsync \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libgmp-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmagickwand-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libwebp-dev \ - libxml2-dev \ - libzip-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - gmp \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.22; \ - pecl install imagick-3.7.0; \ - pecl install memcached-3.2.0; \ - pecl install redis-5.3.7; \ - \ - docker-php-ext-enable \ - apcu \ - imagick \ - memcached \ - redis \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=32'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=60'; \ - echo 'opcache.jit=1255'; \ - echo 'opcache.jit_buffer_size=128M'; \ - } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ - \ - echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ - \ - mkdir /var/www/data; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 24.0.12 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/24/fpm/config/apcu.config.php b/24/fpm/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/24/fpm/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/24/fpm/config/apps.config.php b/24/fpm/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/24/fpm/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/24/fpm/config/autoconfig.php b/24/fpm/config/autoconfig.php deleted file mode 100644 index 92ad2a1c..00000000 --- a/24/fpm/config/autoconfig.php +++ /dev/null @@ -1,41 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/24/fpm/config/reverse-proxy.config.php b/24/fpm/config/reverse-proxy.config.php deleted file mode 100644 index 7df0415e..00000000 --- a/24/fpm/config/reverse-proxy.config.php +++ /dev/null @@ -1,30 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); - - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { - $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); - } else { - $CONFIG['objectstore']['arguments']['key'] = ''; - } - - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { - $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); - } else { - $CONFIG['objectstore']['arguments']['secret'] = ''; - } -} diff --git a/24/fpm/config/smtp.config.php b/24/fpm/config/smtp.config.php deleted file mode 100644 index 5006fe47..00000000 --- a/24/fpm/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/24/fpm/config/swift.config.php b/24/fpm/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/24/fpm/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/24/fpm/cron.sh b/24/fpm/cron.sh deleted file mode 100755 index 4dfa4118..00000000 --- a/24/fpm/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -l 0 -L /dev/stdout diff --git a/24/fpm/entrypoint.sh b/24/fpm/entrypoint.sh deleted file mode 100755 index 37441fd8..00000000 --- a/24/fpm/entrypoint.sh +++ /dev/null @@ -1,232 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - uid="$(id -u)" - gid="$(id -g)" - if [ "$uid" = '0' ]; then - case "$1" in - apache2*) - user="${APACHE_RUN_USER:-www-data}" - group="${APACHE_RUN_GROUP:-www-data}" - - # strip off any '#' symbol ('#1000' is valid syntax for Apache) - user="${user#'#'}" - group="${group#'#'}" - ;; - *) # php-fpm - user='www-data' - group='www-data' - ;; - esac - else - user="$uid" - group="$gid" - fi - - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - # If another process is syncing the html folder, wait for - # it to be done, then escape initalization. - ( - if ! flock -n 9; then - # If we couldn't get it immediately, show a message, then wait for real - echo "Another process is initializing Nextcloud. Waiting..." - flock 9 - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown $user:$group" - else - rsync_options="-rlD" - fi - - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - - # Install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - echo "Starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "Retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "Installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "Setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - else - echo "Please run the web-based installer on first connect!" - fi - fi - # Upgrade - else - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - fi - - echo "Initializing finished" - fi - - # Update htaccess after init if requested - if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' - fi - ) 9> /var/www/html/nextcloud-init-sync.lock -fi - -exec "$@" diff --git a/24/fpm/upgrade.exclude b/24/fpm/upgrade.exclude deleted file mode 100644 index 31ce39a8..00000000 --- a/24/fpm/upgrade.exclude +++ /dev/null @@ -1,6 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php -/nextcloud-init-sync.lock diff --git a/update.sh b/update.sh index 608f263e..d044b77f 100755 --- a/update.sh +++ b/update.sh @@ -2,13 +2,11 @@ set -eo pipefail declare -A alpine_version=( - [24]='3.16' [25]='3.16' [default]='3.17' ) declare -A php_version=( - [24]='8.0' [default]='8.1' ) @@ -83,7 +81,7 @@ variants=( fpm-alpine ) -min_version='24' +min_version='25' # version_greater_or_equal A B returns whether A >= B function version_greater_or_equal() { From 136a20de3270db7c2a443f9f9241cb54d1fef531 Mon Sep 17 00:00:00 2001 From: J0WI Date: Fri, 26 May 2023 01:00:58 +0000 Subject: [PATCH 04/13] Downgrade Nextcloud 25 to PHP 8.0 due OpenSSL 1.1/Alpine 3.16 (#1990) Signed-off-by: J0WI --- 25/fpm-alpine/Dockerfile | 2 +- update.sh | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/25/fpm-alpine/Dockerfile b/25/fpm-alpine/Dockerfile index d9baf461..a8ad27ea 100644 --- a/25/fpm-alpine/Dockerfile +++ b/25/fpm-alpine/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:8.1-fpm-alpine3.16 +FROM php:8.0-fpm-alpine3.16 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ diff --git a/update.sh b/update.sh index d044b77f..d19cad71 100755 --- a/update.sh +++ b/update.sh @@ -2,6 +2,8 @@ set -eo pipefail declare -A alpine_version=( + # https://github.com/nextcloud/server/issues/32003 + # Nextcloud 25 requires OpenSSL 1.1 [25]='3.16' [default]='3.17' ) @@ -121,7 +123,16 @@ function create_variant() { # Nextcloud 26+ recommends sysvsem case "$version" in - 24|25 ) + 25 ) + case "$variant" in + fpm-alpine ) + # Alpine 3.16 / OpenSSL 1.1 is only available for PHP 8.0 + sed -ri -e ' + s/FROM php:8\.1-fpm-alpine/FROM php:8.0-fpm-alpine/ + ' "$dir/Dockerfile" + ;; + esac + sed -ri -e ' /sysvsem/d ' "$dir/Dockerfile" From 646bef90e25182e2cbc27bebe98f25a343104c0c Mon Sep 17 00:00:00 2001 From: J0WI Date: Fri, 26 May 2023 01:04:35 +0000 Subject: [PATCH 05/13] 25.0.7 (#1987) https://github.com/nextcloud-releases/updater_server/pull/869/commits Signed-off-by: J0WI --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 3a6307b4..00ec97ee 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -Eeuo pipefail -stable_channel='25.0.6' +stable_channel='25.0.7' self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" From f2c8cb599e6b1fbf750aee93dd3ce60889e02487 Mon Sep 17 00:00:00 2001 From: Nextcloud Command Bot <88102737+nextcloud-command@users.noreply.github.com> Date: Sun, 28 May 2023 12:15:55 +0200 Subject: [PATCH 06/13] chore: update workflows from templates (#1993) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: John Molakvoæ Co-authored-by: John Molakvoæ --- .github/workflows/command-rebase.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml index 78fcf5d1..ec95ccbb 100644 --- a/.github/workflows/command-rebase.yml +++ b/.github/workflows/command-rebase.yml @@ -9,8 +9,8 @@ on: issue_comment: types: created -permissions: - contents: read +permissions: + contents: read jobs: rebase: @@ -23,7 +23,7 @@ jobs: steps: - name: Add reaction on start - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1 with: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} @@ -31,18 +31,18 @@ jobs: reaction-type: "+1" - name: Checkout the latest code - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: fetch-depth: 0 token: ${{ secrets.COMMAND_BOT_PAT }} - name: Automatic Rebase - uses: cirrus-actions/rebase@1.7 + uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8 env: GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} - name: Add reaction on failure - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1 if: failure() with: token: ${{ secrets.COMMAND_BOT_PAT }} From 570ac60ed20c5197eb050c8ec55eae5d9c3e58eb Mon Sep 17 00:00:00 2001 From: Daniel Rudolf Date: Wed, 31 May 2023 14:13:56 +0200 Subject: [PATCH 07/13] Add versions.json (#1995) * Add %%DEBIAN_VERSION%% placeholder Signed-off-by: Daniel Rudolf * Replace %%BASE_DOWNLOAD_URL%% placeholder by %%DOWNLOAD_URL{_ASC}%% Signed-off-by: Daniel Rudolf * Add version.json 'versions.json' contains information about the latest branches and variants. It is managed by `./update.sh`, there's no need to edit this file manually, just run `./update.sh`. Signed-off-by: Daniel Rudolf * Run update.sh Signed-off-by: Daniel Rudolf --------- Signed-off-by: Daniel Rudolf --- 25/apache/Dockerfile | 6 ++-- 25/fpm-alpine/Dockerfile | 6 ++-- 25/fpm/Dockerfile | 6 ++-- 26/apache/Dockerfile | 6 ++-- 26/fpm-alpine/Dockerfile | 6 ++-- 26/fpm/Dockerfile | 6 ++-- Dockerfile-alpine.template | 6 ++-- Dockerfile-debian.template | 8 ++--- update.sh | 61 ++++++++++++++++++++++++-------------- versions.json | 54 +++++++++++++++++++++++++++++++++ 10 files changed, 110 insertions(+), 55 deletions(-) create mode 100644 versions.json diff --git a/25/apache/Dockerfile b/25/apache/Dockerfile index 45ff8489..150d0cc7 100644 --- a/25/apache/Dockerfile +++ b/25/apache/Dockerfile @@ -135,10 +135,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/25/fpm-alpine/Dockerfile b/25/fpm-alpine/Dockerfile index a8ad27ea..7af9e2af 100644 --- a/25/fpm-alpine/Dockerfile +++ b/25/fpm-alpine/Dockerfile @@ -113,10 +113,8 @@ RUN set -ex; \ gnupg \ ; \ \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/25/fpm/Dockerfile b/25/fpm/Dockerfile index 3ba5e4ae..94ad0813 100644 --- a/25/fpm/Dockerfile +++ b/25/fpm/Dockerfile @@ -127,10 +127,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/26/apache/Dockerfile b/26/apache/Dockerfile index 7a79974b..9efd8fd6 100644 --- a/26/apache/Dockerfile +++ b/26/apache/Dockerfile @@ -136,10 +136,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/26/fpm-alpine/Dockerfile b/26/fpm-alpine/Dockerfile index 0507b90f..1ef8f5b9 100644 --- a/26/fpm-alpine/Dockerfile +++ b/26/fpm-alpine/Dockerfile @@ -114,10 +114,8 @@ RUN set -ex; \ gnupg \ ; \ \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/26/fpm/Dockerfile b/26/fpm/Dockerfile index d4d594f7..303f0efb 100644 --- a/26/fpm/Dockerfile +++ b/26/fpm/Dockerfile @@ -128,10 +128,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 59b73bcc..5aaded89 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -113,10 +113,8 @@ RUN set -ex; \ gnupg \ ; \ \ - curl -fsSL -o nextcloud.tar.bz2 \ - "%%BASE_DOWNLOAD_URL%%/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "%%BASE_DOWNLOAD_URL%%/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "%%DOWNLOAD_URL%%"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "%%DOWNLOAD_URL_ASC%%"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index d3fb81ee..4a9d975f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -1,4 +1,4 @@ -FROM php:%%PHP_VERSION%%-%%VARIANT%%-bullseye +FROM php:%%PHP_VERSION%%-%%VARIANT%%-%%DEBIAN_VERSION%% # entrypoint.sh and cron.sh dependencies RUN set -ex; \ @@ -127,10 +127,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 \ - "%%BASE_DOWNLOAD_URL%%/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc \ - "%%BASE_DOWNLOAD_URL%%/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "%%DOWNLOAD_URL%%"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "%%DOWNLOAD_URL_ASC%%"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/update.sh b/update.sh index d19cad71..45864735 100755 --- a/update.sh +++ b/update.sh @@ -8,6 +8,10 @@ declare -A alpine_version=( [default]='3.17' ) +declare -A debian_version=( + [default]='bullseye' +) + declare -A php_version=( [default]='8.1' ) @@ -93,8 +97,11 @@ function version_greater_or_equal() { function create_variant() { dir="$1/$variant" alpineVersion=${alpine_version[$version]-${alpine_version[default]}} + debianVersion=${debian_version[$version]-${debian_version[default]}} phpVersion=${php_version[$version]-${php_version[default]}} crontabInt=${crontab_int[$version]-${crontab_int[default]}} + url="https://download.nextcloud.com/server/releases/nextcloud-$fullversion.tar.bz2" + ascUrl="https://download.nextcloud.com/server/releases/nextcloud-$fullversion.tar.bz2.asc" # Create the version+variant directory with a Dockerfile. mkdir -p "$dir" @@ -105,13 +112,30 @@ function create_variant() { echo "updating $fullversion [$1] $variant" + # Apply version+variant-specific patches + case "$version" in + 25) + case "$variant" in + fpm-alpine) + # Alpine 3.16 / OpenSSL 1.1 is only available for PHP 8.0 + phpVersion=8.0 + ;; + esac + + # Nextcloud 26+ recommends sysvsem + sed -ri -e '/sysvsem/d' "$dir/Dockerfile" + ;; + esac + # Replace the variables. sed -ri -e ' s/%%ALPINE_VERSION%%/'"$alpineVersion"'/g; + s/%%DEBIAN_VERSION%%/'"$debianVersion"'/g; s/%%PHP_VERSION%%/'"$phpVersion"'/g; s/%%VARIANT%%/'"$variant"'/g; s/%%VERSION%%/'"$fullversion"'/g; - s/%%BASE_DOWNLOAD_URL%%/'"$2"'/g; + s/%%DOWNLOAD_URL%%/'"$(sed -e 's/[\/&]/\\&/g' <<< "$url")"'/g; + s/%%DOWNLOAD_URL_ASC%%/'"$(sed -e 's/[\/&]/\\&/g' <<< "$ascUrl")"'/g; s/%%CMD%%/'"${cmd[$variant]}"'/g; s|%%VARIANT_EXTRAS%%|'"${extras[$variant]}"'|g; s/%%APCU_VERSION%%/'"${pecl_versions[APCu]}"'/g; @@ -121,24 +145,6 @@ function create_variant() { s/%%CRONTAB_INT%%/'"$crontabInt"'/g; ' "$dir/Dockerfile" - # Nextcloud 26+ recommends sysvsem - case "$version" in - 25 ) - case "$variant" in - fpm-alpine ) - # Alpine 3.16 / OpenSSL 1.1 is only available for PHP 8.0 - sed -ri -e ' - s/FROM php:8\.1-fpm-alpine/FROM php:8.0-fpm-alpine/ - ' "$dir/Dockerfile" - ;; - esac - - sed -ri -e ' - /sysvsem/d - ' "$dir/Dockerfile" - ;; - esac - # Copy the shell scripts for name in entrypoint cron; do cp "docker-$name.sh" "$dir/$name.sh" @@ -154,6 +160,16 @@ function create_variant() { if [ "$variant" != "apache" ]; then rm "$dir/config/apache-pretty-urls.config.php" fi + + # Add variant to versions.json + [ "${base[$variant]}" == "alpine" ] && baseVersion="$alpineVersion" || baseVersion="$debianVersion" + versionVariantsJson="$(jq -e \ + --arg version "$version" --arg variant "$variant" --arg base "${base[$variant]}" --arg baseVersion "$baseVersion" --arg phpVersion "$phpVersion" \ + '.[$version].variants[$variant] = {"variant": $variant, "base": $base, "baseVersion": $baseVersion, "phpVersion": $phpVersion}' versions.json)" + versionJson="$(jq -e \ + --arg version "$version" --arg fullversion "$fullversion" --arg url "$url" --arg ascUrl "$ascUrl" --argjson variants "$versionVariantsJson" \ + '.[$version] = {"branch": $version, "version": $fullversion, "url": $url, "ascUrl": $ascUrl, "variants": $variants[$version].variants}' versions.json)" + printf '%s\n' "$versionJson" > versions.json } curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| \ @@ -164,19 +180,20 @@ curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| \ find . -maxdepth 1 -type d -regextype sed -regex '\./[[:digit:]]\+\.[[:digit:]]\+\(-rc\|-beta\|-alpha\)\?' -exec rm -r '{}' \; +printf '%s' "{}" > versions.json + fullversions=( $( curl -fsSL 'https://download.nextcloud.com/server/releases/' |tac|tac| \ grep -oE 'nextcloud-[[:digit:]]+(\.[[:digit:]]+){2}' | \ grep -oE '[[:digit:]]+(\.[[:digit:]]+){2}' | \ sort -urV ) ) versions=( $( printf '%s\n' "${fullversions[@]}" | cut -d. -f1 | sort -urV ) ) + for version in "${versions[@]}"; do fullversion="$( printf '%s\n' "${fullversions[@]}" | grep -E "^$version" | head -1 )" if version_greater_or_equal "$version" "$min_version"; then - for variant in "${variants[@]}"; do - - create_variant "$version" "https:\/\/download.nextcloud.com\/server\/releases" + create_variant "$version" done fi done diff --git a/versions.json b/versions.json new file mode 100644 index 00000000..de910976 --- /dev/null +++ b/versions.json @@ -0,0 +1,54 @@ +{ + "26": { + "branch": "26", + "version": "26.0.2", + "url": "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-26.0.2.tar.bz2.asc", + "variants": { + "apache": { + "variant": "apache", + "base": "debian", + "baseVersion": "bullseye", + "phpVersion": "8.1" + }, + "fpm": { + "variant": "fpm", + "base": "debian", + "baseVersion": "bullseye", + "phpVersion": "8.1" + }, + "fpm-alpine": { + "variant": "fpm-alpine", + "base": "alpine", + "baseVersion": "3.17", + "phpVersion": "8.1" + } + } + }, + "25": { + "branch": "25", + "version": "25.0.7", + "url": "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-25.0.7.tar.bz2.asc", + "variants": { + "apache": { + "variant": "apache", + "base": "debian", + "baseVersion": "bullseye", + "phpVersion": "8.1" + }, + "fpm": { + "variant": "fpm", + "base": "debian", + "baseVersion": "bullseye", + "phpVersion": "8.1" + }, + "fpm-alpine": { + "variant": "fpm-alpine", + "base": "alpine", + "baseVersion": "3.16", + "phpVersion": "8.0" + } + } + } +} From 4298972d2eb5ba40464ada4afd8c39f3f8ab2d89 Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 31 May 2023 13:06:10 +0000 Subject: [PATCH 08/13] Restore PHP 8.1 for Nextcloud 25 (#1998) https://github.com/docker-library/php/pull/1412 Signed-off-by: J0WI --- update.sh | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/update.sh b/update.sh index 45864735..3b0c7dd4 100755 --- a/update.sh +++ b/update.sh @@ -2,10 +2,8 @@ set -eo pipefail declare -A alpine_version=( - # https://github.com/nextcloud/server/issues/32003 - # Nextcloud 25 requires OpenSSL 1.1 - [25]='3.16' [default]='3.17' + [25]='3.16' ) declare -A debian_version=( @@ -115,13 +113,6 @@ function create_variant() { # Apply version+variant-specific patches case "$version" in 25) - case "$variant" in - fpm-alpine) - # Alpine 3.16 / OpenSSL 1.1 is only available for PHP 8.0 - phpVersion=8.0 - ;; - esac - # Nextcloud 26+ recommends sysvsem sed -ri -e '/sysvsem/d' "$dir/Dockerfile" ;; From d24ce7420155ad55723c4fb557598f19f85a0e30 Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Wed, 31 May 2023 13:11:48 +0000 Subject: [PATCH 09/13] Runs update.sh --- 25/fpm-alpine/Dockerfile | 2 +- versions.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/25/fpm-alpine/Dockerfile b/25/fpm-alpine/Dockerfile index 7af9e2af..d2984eca 100644 --- a/25/fpm-alpine/Dockerfile +++ b/25/fpm-alpine/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:8.0-fpm-alpine3.16 +FROM php:8.1-fpm-alpine3.16 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ diff --git a/versions.json b/versions.json index de910976..26c537af 100644 --- a/versions.json +++ b/versions.json @@ -47,7 +47,7 @@ "variant": "fpm-alpine", "base": "alpine", "baseVersion": "3.16", - "phpVersion": "8.0" + "phpVersion": "8.1" } } } From fb5866ada90529aa04da11c9b0f96511b61a09d5 Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 31 May 2023 15:16:04 +0000 Subject: [PATCH 10/13] Use no-network option (#2000) Signed-off-by: J0WI --- 25/fpm-alpine/Dockerfile | 6 +++--- 26/fpm-alpine/Dockerfile | 6 +++--- Dockerfile-alpine.template | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/25/fpm-alpine/Dockerfile b/25/fpm-alpine/Dockerfile index d2984eca..460cfb46 100644 --- a/25/fpm-alpine/Dockerfile +++ b/25/fpm-alpine/Dockerfile @@ -72,8 +72,8 @@ RUN set -ex; \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )"; \ - apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del .build-deps + apk add --no-network --virtual .nextcloud-phpext-rundeps $runDeps; \ + apk del --no-network .build-deps # set recommended PHP.ini settings # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache @@ -126,7 +126,7 @@ RUN set -ex; \ mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/custom_apps; \ chmod +x /usr/src/nextcloud/occ; \ - apk del .fetch-deps + apk del --no-network .fetch-deps COPY *.sh upgrade.exclude / COPY config/* /usr/src/nextcloud/config/ diff --git a/26/fpm-alpine/Dockerfile b/26/fpm-alpine/Dockerfile index 1ef8f5b9..14a0e90b 100644 --- a/26/fpm-alpine/Dockerfile +++ b/26/fpm-alpine/Dockerfile @@ -73,8 +73,8 @@ RUN set -ex; \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )"; \ - apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del .build-deps + apk add --no-network --virtual .nextcloud-phpext-rundeps $runDeps; \ + apk del --no-network .build-deps # set recommended PHP.ini settings # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache @@ -127,7 +127,7 @@ RUN set -ex; \ mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/custom_apps; \ chmod +x /usr/src/nextcloud/occ; \ - apk del .fetch-deps + apk del --no-network .fetch-deps COPY *.sh upgrade.exclude / COPY config/* /usr/src/nextcloud/config/ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 5aaded89..3d69ca5d 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -72,8 +72,8 @@ RUN set -ex; \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )"; \ - apk add --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del .build-deps + apk add --no-network --virtual .nextcloud-phpext-rundeps $runDeps; \ + apk del --no-network .build-deps # set recommended PHP.ini settings # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache @@ -126,7 +126,7 @@ RUN set -ex; \ mkdir -p /usr/src/nextcloud/data; \ mkdir -p /usr/src/nextcloud/custom_apps; \ chmod +x /usr/src/nextcloud/occ; \ - apk del .fetch-deps + apk del --no-network .fetch-deps COPY *.sh upgrade.exclude / COPY config/* /usr/src/nextcloud/config/ From 22d28e45cdcdb553239af45c7b1566d628f72bc6 Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 31 May 2023 15:17:36 +0000 Subject: [PATCH 11/13] Alpine 3.18 & PHP 8.2 (#1989) Signed-off-by: J0WI --- 26/apache/Dockerfile | 2 +- 26/fpm-alpine/Dockerfile | 2 +- 26/fpm/Dockerfile | 2 +- update.sh | 5 +++-- versions.json | 8 ++++---- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/26/apache/Dockerfile b/26/apache/Dockerfile index 9efd8fd6..f68f2834 100644 --- a/26/apache/Dockerfile +++ b/26/apache/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:8.1-apache-bullseye +FROM php:8.2-apache-bullseye # entrypoint.sh and cron.sh dependencies RUN set -ex; \ diff --git a/26/fpm-alpine/Dockerfile b/26/fpm-alpine/Dockerfile index 14a0e90b..0ea82474 100644 --- a/26/fpm-alpine/Dockerfile +++ b/26/fpm-alpine/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:8.1-fpm-alpine3.17 +FROM php:8.2-fpm-alpine3.18 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ diff --git a/26/fpm/Dockerfile b/26/fpm/Dockerfile index 303f0efb..ff51826e 100644 --- a/26/fpm/Dockerfile +++ b/26/fpm/Dockerfile @@ -1,5 +1,5 @@ # DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:8.1-fpm-bullseye +FROM php:8.2-fpm-bullseye # entrypoint.sh and cron.sh dependencies RUN set -ex; \ diff --git a/update.sh b/update.sh index 3b0c7dd4..8282d826 100755 --- a/update.sh +++ b/update.sh @@ -2,8 +2,8 @@ set -eo pipefail declare -A alpine_version=( - [default]='3.17' [25]='3.16' + [default]='3.18' ) declare -A debian_version=( @@ -11,7 +11,8 @@ declare -A debian_version=( ) declare -A php_version=( - [default]='8.1' + [25]='8.1' + [default]='8.2' ) declare -A cmd=( diff --git a/versions.json b/versions.json index 26c537af..737135bc 100644 --- a/versions.json +++ b/versions.json @@ -9,19 +9,19 @@ "variant": "apache", "base": "debian", "baseVersion": "bullseye", - "phpVersion": "8.1" + "phpVersion": "8.2" }, "fpm": { "variant": "fpm", "base": "debian", "baseVersion": "bullseye", - "phpVersion": "8.1" + "phpVersion": "8.2" }, "fpm-alpine": { "variant": "fpm-alpine", "base": "alpine", - "baseVersion": "3.17", - "phpVersion": "8.1" + "baseVersion": "3.18", + "phpVersion": "8.2" } } }, From 35e99028fb63d836859334ed2d2cccc95dec67f1 Mon Sep 17 00:00:00 2001 From: Simon L Date: Fri, 9 Jun 2023 14:07:41 +0200 Subject: [PATCH 12/13] adjust readme again to be a bit more verbose about what AIO is (#2006) Signed-off-by: Simon L --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d0f68c49..4128efc1 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ A safe home for all your data. Access & share your files, calendars, contacts, m ![logo](https://cdn.rawgit.com/nextcloud/docker/80dd587d847b184ba95d7187a2a7a56ae4cbbb7b/logo.svg) -This Docker micro-service image is developed and maintained by the Nextcloud community. Nextcloud GmbH does not offer support for this Docker image. When you are looking to get professional support, you can become an [enterprise](https://nextcloud.com/enterprise/) customer or use [AIO](https://github.com/nextcloud/all-in-one#nextcloud-all-in-one). +This Docker micro-service image is developed and maintained by the Nextcloud community. Nextcloud GmbH does not offer support for this Docker image. When you are looking to get professional support, you can become an [enterprise](https://nextcloud.com/enterprise/) customer or use [Nextcloud All-in-One docker image](https://github.com/nextcloud/all-in-one#nextcloud-all-in-one) - as the name suggests, Nextcloud All-in-One provides easy deployment and maintenance of Nextcloud Hub included in this one Nextcloud instance. # How to use this image This image is designed to be used in a micro-service environment. There are two versions of the image you can choose from. From ceb2893af1c4ee9bec07082c82f5b638bb47cff7 Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Tue, 13 Jun 2023 15:13:35 +0000 Subject: [PATCH 13/13] Runs update.sh --- 27/apache/Dockerfile | 160 ++++++++++++ .../config/apache-pretty-urls.config.php | 4 + 27/apache/config/apcu.config.php | 4 + 27/apache/config/apps.config.php | 15 ++ 27/apache/config/autoconfig.php | 41 ++++ 27/apache/config/redis.config.php | 17 ++ 27/apache/config/reverse-proxy.config.php | 30 +++ 27/apache/config/s3.config.php | 41 ++++ 27/apache/config/smtp.config.php | 22 ++ 27/apache/config/swift.config.php | 31 +++ 27/apache/cron.sh | 4 + 27/apache/entrypoint.sh | 232 ++++++++++++++++++ 27/apache/upgrade.exclude | 6 + 27/fpm-alpine/Dockerfile | 136 ++++++++++ 27/fpm-alpine/config/apcu.config.php | 4 + 27/fpm-alpine/config/apps.config.php | 15 ++ 27/fpm-alpine/config/autoconfig.php | 41 ++++ 27/fpm-alpine/config/redis.config.php | 17 ++ 27/fpm-alpine/config/reverse-proxy.config.php | 30 +++ 27/fpm-alpine/config/s3.config.php | 41 ++++ 27/fpm-alpine/config/smtp.config.php | 22 ++ 27/fpm-alpine/config/swift.config.php | 31 +++ 27/fpm-alpine/cron.sh | 4 + 27/fpm-alpine/entrypoint.sh | 232 ++++++++++++++++++ 27/fpm-alpine/upgrade.exclude | 6 + 27/fpm/Dockerfile | 152 ++++++++++++ 27/fpm/config/apcu.config.php | 4 + 27/fpm/config/apps.config.php | 15 ++ 27/fpm/config/autoconfig.php | 41 ++++ 27/fpm/config/redis.config.php | 17 ++ 27/fpm/config/reverse-proxy.config.php | 30 +++ 27/fpm/config/s3.config.php | 41 ++++ 27/fpm/config/smtp.config.php | 22 ++ 27/fpm/config/swift.config.php | 31 +++ 27/fpm/cron.sh | 4 + 27/fpm/entrypoint.sh | 232 ++++++++++++++++++ 27/fpm/upgrade.exclude | 6 + latest.txt | 2 +- versions.json | 26 ++ 39 files changed, 1808 insertions(+), 1 deletion(-) create mode 100644 27/apache/Dockerfile create mode 100644 27/apache/config/apache-pretty-urls.config.php create mode 100644 27/apache/config/apcu.config.php create mode 100644 27/apache/config/apps.config.php create mode 100644 27/apache/config/autoconfig.php create mode 100644 27/apache/config/redis.config.php create mode 100644 27/apache/config/reverse-proxy.config.php create mode 100644 27/apache/config/s3.config.php create mode 100644 27/apache/config/smtp.config.php create mode 100644 27/apache/config/swift.config.php create mode 100755 27/apache/cron.sh create mode 100755 27/apache/entrypoint.sh create mode 100644 27/apache/upgrade.exclude create mode 100644 27/fpm-alpine/Dockerfile create mode 100644 27/fpm-alpine/config/apcu.config.php create mode 100644 27/fpm-alpine/config/apps.config.php create mode 100644 27/fpm-alpine/config/autoconfig.php create mode 100644 27/fpm-alpine/config/redis.config.php create mode 100644 27/fpm-alpine/config/reverse-proxy.config.php create mode 100644 27/fpm-alpine/config/s3.config.php create mode 100644 27/fpm-alpine/config/smtp.config.php create mode 100644 27/fpm-alpine/config/swift.config.php create mode 100755 27/fpm-alpine/cron.sh create mode 100755 27/fpm-alpine/entrypoint.sh create mode 100644 27/fpm-alpine/upgrade.exclude create mode 100644 27/fpm/Dockerfile create mode 100644 27/fpm/config/apcu.config.php create mode 100644 27/fpm/config/apps.config.php create mode 100644 27/fpm/config/autoconfig.php create mode 100644 27/fpm/config/redis.config.php create mode 100644 27/fpm/config/reverse-proxy.config.php create mode 100644 27/fpm/config/s3.config.php create mode 100644 27/fpm/config/smtp.config.php create mode 100644 27/fpm/config/swift.config.php create mode 100755 27/fpm/cron.sh create mode 100755 27/fpm/entrypoint.sh create mode 100644 27/fpm/upgrade.exclude diff --git a/27/apache/Dockerfile b/27/apache/Dockerfile new file mode 100644 index 00000000..828520a6 --- /dev/null +++ b/27/apache/Dockerfile @@ -0,0 +1,160 @@ +# DO NOT EDIT: created by update.sh from Dockerfile-debian.template +FROM php:8.2-apache-bullseye + +# entrypoint.sh and cron.sh dependencies +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + busybox-static \ + bzip2 \ + libldap-common \ + libmagickcore-6.q16-6-extra \ + rsync \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /var/spool/cron/crontabs; \ + echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + +# install the PHP extensions we need +# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html +ENV PHP_MEMORY_LIMIT 512M +ENV PHP_UPLOAD_LIMIT 512M +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libevent-dev \ + libfreetype6-dev \ + libgmp-dev \ + libicu-dev \ + libjpeg-dev \ + libldap2-dev \ + libmagickwand-dev \ + libmcrypt-dev \ + libmemcached-dev \ + libpng-dev \ + libpq-dev \ + libwebp-dev \ + libxml2-dev \ + libzip-dev \ + ; \ + \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ + docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ + docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ + docker-php-ext-install -j "$(nproc)" \ + bcmath \ + exif \ + gd \ + gmp \ + intl \ + ldap \ + opcache \ + pcntl \ + pdo_mysql \ + pdo_pgsql \ + sysvsem \ + zip \ + ; \ + \ +# pecl will claim success even if one install fails, so we need to perform each install separately + pecl install APCu-5.1.22; \ + pecl install imagick-3.7.0; \ + pecl install memcached-3.2.0; \ + pecl install redis-5.3.7; \ + \ + docker-php-ext-enable \ + apcu \ + imagick \ + memcached \ + redis \ + ; \ + rm -r /tmp/pear; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* + +# set recommended PHP.ini settings +# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache +RUN { \ + echo 'opcache.enable=1'; \ + echo 'opcache.interned_strings_buffer=32'; \ + echo 'opcache.max_accelerated_files=10000'; \ + echo 'opcache.memory_consumption=128'; \ + echo 'opcache.save_comments=1'; \ + echo 'opcache.revalidate_freq=60'; \ + echo 'opcache.jit=1255'; \ + echo 'opcache.jit_buffer_size=128M'; \ + } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ + \ + echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ + \ + { \ + echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ + echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ + echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ + } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ + \ + mkdir /var/www/data; \ + chown -R www-data:root /var/www; \ + chmod -R g=u /var/www + +VOLUME /var/www/html + +RUN a2enmod headers rewrite remoteip ;\ + {\ + echo RemoteIPHeader X-Real-IP ;\ + echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ + echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ + echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ + } > /etc/apache2/conf-available/remoteip.conf;\ + a2enconf remoteip + +ENV NEXTCLOUD_VERSION 27.0.0 + +RUN set -ex; \ + fetchDeps=" \ + gnupg \ + dirmngr \ + "; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.0.0.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.0.0.tar.bz2.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ +# gpg key from https://nextcloud.com/nextcloud.asc + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ + gpgconf --kill all; \ + rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ + mkdir -p /usr/src/nextcloud/data; \ + mkdir -p /usr/src/nextcloud/custom_apps; \ + chmod +x /usr/src/nextcloud/occ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ + rm -rf /var/lib/apt/lists/* + +COPY *.sh upgrade.exclude / +COPY config/* /usr/src/nextcloud/config/ + +ENTRYPOINT ["/entrypoint.sh"] +CMD ["apache2-foreground"] diff --git a/27/apache/config/apache-pretty-urls.config.php b/27/apache/config/apache-pretty-urls.config.php new file mode 100644 index 00000000..72da1d8c --- /dev/null +++ b/27/apache/config/apache-pretty-urls.config.php @@ -0,0 +1,4 @@ + '/', +); diff --git a/27/apache/config/apcu.config.php b/27/apache/config/apcu.config.php new file mode 100644 index 00000000..69fed876 --- /dev/null +++ b/27/apache/config/apcu.config.php @@ -0,0 +1,4 @@ + '\OC\Memcache\APCu', +); diff --git a/27/apache/config/apps.config.php b/27/apache/config/apps.config.php new file mode 100644 index 00000000..4c37f72a --- /dev/null +++ b/27/apache/config/apps.config.php @@ -0,0 +1,15 @@ + array ( + 0 => array ( + 'path' => OC::$SERVERROOT.'/apps', + 'url' => '/apps', + 'writable' => false, + ), + 1 => array ( + 'path' => OC::$SERVERROOT.'/custom_apps', + 'url' => '/custom_apps', + 'writable' => true, + ), + ), +); diff --git a/27/apache/config/autoconfig.php b/27/apache/config/autoconfig.php new file mode 100644 index 00000000..92ad2a1c --- /dev/null +++ b/27/apache/config/autoconfig.php @@ -0,0 +1,41 @@ + '\OC\Memcache\Redis', + 'memcache.locking' => '\OC\Memcache\Redis', + 'redis' => array( + 'host' => getenv('REDIS_HOST'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + ), + ); + + if (getenv('REDIS_HOST_PORT') !== false) { + $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); + } elseif (getenv('REDIS_HOST')[0] != '/') { + $CONFIG['redis']['port'] = 6379; + } +} diff --git a/27/apache/config/reverse-proxy.config.php b/27/apache/config/reverse-proxy.config.php new file mode 100644 index 00000000..7df0415e --- /dev/null +++ b/27/apache/config/reverse-proxy.config.php @@ -0,0 +1,30 @@ + array( + 'class' => '\OC\Files\ObjectStore\S3', + 'arguments' => array( + 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), + 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', + 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', + 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', + 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", + 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, + 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, + // required for some non Amazon S3 implementations + 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', + // required for older protocol versions + 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' + ) + ) + ); + + if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_KEY')) { + $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); + } else { + $CONFIG['objectstore']['arguments']['key'] = ''; + } + + if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); + } else { + $CONFIG['objectstore']['arguments']['secret'] = ''; + } +} diff --git a/27/apache/config/smtp.config.php b/27/apache/config/smtp.config.php new file mode 100644 index 00000000..5006fe47 --- /dev/null +++ b/27/apache/config/smtp.config.php @@ -0,0 +1,22 @@ + 'smtp', + 'mail_smtphost' => getenv('SMTP_HOST'), + 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), + 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', + 'mail_smtpname' => getenv('SMTP_NAME') ?: '', + 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), + 'mail_domain' => getenv('MAIL_DOMAIN'), + ); + + if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); + } elseif (getenv('SMTP_PASSWORD')) { + $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); + } else { + $CONFIG['mail_smtppassword'] = ''; + } +} diff --git a/27/apache/config/swift.config.php b/27/apache/config/swift.config.php new file mode 100644 index 00000000..47ada566 --- /dev/null +++ b/27/apache/config/swift.config.php @@ -0,0 +1,31 @@ + [ + 'class' => 'OC\\Files\\ObjectStore\\Swift', + 'arguments' => [ + 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', + 'user' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), + 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', + ], + ], + 'scope' => [ + 'project' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', + ], + ], + ], + 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', + 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), + 'url' => getenv('OBJECTSTORE_SWIFT_URL'), + 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), + ] + ] + ); +} diff --git a/27/apache/cron.sh b/27/apache/cron.sh new file mode 100755 index 00000000..4dfa4118 --- /dev/null +++ b/27/apache/cron.sh @@ -0,0 +1,4 @@ +#!/bin/sh +set -eu + +exec busybox crond -f -l 0 -L /dev/stdout diff --git a/27/apache/entrypoint.sh b/27/apache/entrypoint.sh new file mode 100755 index 00000000..37441fd8 --- /dev/null +++ b/27/apache/entrypoint.sh @@ -0,0 +1,232 @@ +#!/bin/sh +set -eu + +# version_greater A B returns whether A > B +version_greater() { + [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] +} + +# return true if specified directory is empty +directory_empty() { + [ -z "$(ls -A "$1/")" ] +} + +run_as() { + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh -c "$1" + else + sh -c "$1" + fi +} + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + +if expr "$1" : "apache" 1>/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then + uid="$(id -u)" + gid="$(id -g)" + if [ "$uid" = '0' ]; then + case "$1" in + apache2*) + user="${APACHE_RUN_USER:-www-data}" + group="${APACHE_RUN_GROUP:-www-data}" + + # strip off any '#' symbol ('#1000' is valid syntax for Apache) + user="${user#'#'}" + group="${group#'#'}" + ;; + *) # php-fpm + user='www-data' + group='www-data' + ;; + esac + else + user="$uid" + group="$gid" + fi + + if [ -n "${REDIS_HOST+x}" ]; then + + echo "Configuring Redis as session handler" + { + file_env REDIS_HOST_PASSWORD + echo 'session.save_handler = redis' + # check if redis host is an unix socket path + if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then + if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"unix://${REDIS_HOST}\"" + fi + # check if redis password has been set + elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" + fi + echo "redis.session.locking_enabled = 1" + echo "redis.session.lock_retries = -1" + # redis.session.lock_wait_time is specified in microseconds. + # Wait 10ms before retrying the lock rather than the default 2ms. + echo "redis.session.lock_wait_time = 10000" + } > /usr/local/etc/php/conf.d/redis-session.ini + fi + + # If another process is syncing the html folder, wait for + # it to be done, then escape initalization. + ( + if ! flock -n 9; then + # If we couldn't get it immediately, show a message, then wait for real + echo "Another process is initializing Nextcloud. Waiting..." + flock 9 + fi + + installed_version="0.0.0.0" + if [ -f /var/www/html/version.php ]; then + # shellcheck disable=SC2016 + installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" + fi + # shellcheck disable=SC2016 + image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" + + if version_greater "$installed_version" "$image_version"; then + echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" + exit 1 + fi + + if version_greater "$image_version" "$installed_version"; then + echo "Initializing nextcloud $image_version ..." + if [ "$installed_version" != "0.0.0.0" ]; then + echo "Upgrading nextcloud from $installed_version ..." + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + fi + if [ "$(id -u)" = 0 ]; then + rsync_options="-rlDog --chown $user:$group" + else + rsync_options="-rlD" + fi + + rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ + for dir in config data custom_apps themes; do + if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then + rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + fi + done + rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + + # Install + if [ "$installed_version" = "0.0.0.0" ]; then + echo "New nextcloud instance" + + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then + # shellcheck disable=SC2016 + install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' + if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then + # shellcheck disable=SC2016 + install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' + fi + + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + + install=false + if [ -n "${SQLITE_DATABASE+x}" ]; then + echo "Installing with SQLite database" + # shellcheck disable=SC2016 + install_options=$install_options' --database-name "$SQLITE_DATABASE"' + install=true + elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then + echo "Installing with MySQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' + install=true + elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then + echo "Installing with PostgreSQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' + install=true + fi + + if [ "$install" = true ]; then + echo "Starting nextcloud installation" + max_retries=10 + try=0 + until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + do + echo "Retrying install..." + try=$((try+1)) + sleep 10s + done + if [ "$try" -gt "$max_retries" ]; then + echo "Installing of nextcloud failed!" + exit 1 + fi + if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then + echo "Setting trusted domains…" + NC_TRUSTED_DOMAIN_IDX=1 + for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do + DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) + done + fi + else + echo "Please run the web-based installer on first connect!" + fi + fi + # Upgrade + else + run_as 'php /var/www/html/occ upgrade' + + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + echo "The following apps have been disabled:" + diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 + rm -f /tmp/list_before /tmp/list_after + + fi + + echo "Initializing finished" + fi + + # Update htaccess after init if requested + if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then + run_as 'php /var/www/html/occ maintenance:update:htaccess' + fi + ) 9> /var/www/html/nextcloud-init-sync.lock +fi + +exec "$@" diff --git a/27/apache/upgrade.exclude b/27/apache/upgrade.exclude new file mode 100644 index 00000000..31ce39a8 --- /dev/null +++ b/27/apache/upgrade.exclude @@ -0,0 +1,6 @@ +/config/ +/data/ +/custom_apps/ +/themes/ +/version.php +/nextcloud-init-sync.lock diff --git a/27/fpm-alpine/Dockerfile b/27/fpm-alpine/Dockerfile new file mode 100644 index 00000000..a137cc2a --- /dev/null +++ b/27/fpm-alpine/Dockerfile @@ -0,0 +1,136 @@ +# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template +FROM php:8.2-fpm-alpine3.18 + +# entrypoint.sh and cron.sh dependencies +RUN set -ex; \ + \ + apk add --no-cache \ + imagemagick \ + rsync \ + ; \ + \ + rm /var/spool/cron/crontabs/root; \ + echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + +# install the PHP extensions we need +# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html +RUN set -ex; \ + \ + apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + autoconf \ + freetype-dev \ + gmp-dev \ + icu-dev \ + imagemagick-dev \ + libevent-dev \ + libjpeg-turbo-dev \ + libmcrypt-dev \ + libmemcached-dev \ + libpng-dev \ + libwebp-dev \ + libxml2-dev \ + libzip-dev \ + openldap-dev \ + pcre-dev \ + postgresql-dev \ + ; \ + \ + docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ + docker-php-ext-configure ldap; \ + docker-php-ext-install -j "$(nproc)" \ + bcmath \ + exif \ + gd \ + gmp \ + intl \ + ldap \ + opcache \ + pcntl \ + pdo_mysql \ + pdo_pgsql \ + sysvsem \ + zip \ + ; \ + \ +# pecl will claim success even if one install fails, so we need to perform each install separately + pecl install APCu-5.1.22; \ + pecl install imagick-3.7.0; \ + pecl install memcached-3.2.0; \ + pecl install redis-5.3.7; \ + \ + docker-php-ext-enable \ + apcu \ + imagick \ + memcached \ + redis \ + ; \ + rm -r /tmp/pear; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --no-network --virtual .nextcloud-phpext-rundeps $runDeps; \ + apk del --no-network .build-deps + +# set recommended PHP.ini settings +# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache +ENV PHP_MEMORY_LIMIT 512M +ENV PHP_UPLOAD_LIMIT 512M +RUN { \ + echo 'opcache.enable=1'; \ + echo 'opcache.interned_strings_buffer=32'; \ + echo 'opcache.max_accelerated_files=10000'; \ + echo 'opcache.memory_consumption=128'; \ + echo 'opcache.save_comments=1'; \ + echo 'opcache.revalidate_freq=60'; \ + echo 'opcache.jit=1255'; \ + echo 'opcache.jit_buffer_size=128M'; \ + } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ + \ + echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ + \ + { \ + echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ + echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ + echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ + } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ + \ + mkdir /var/www/data; \ + chown -R www-data:root /var/www; \ + chmod -R g=u /var/www + +VOLUME /var/www/html + + +ENV NEXTCLOUD_VERSION 27.0.0 + +RUN set -ex; \ + apk add --no-cache --virtual .fetch-deps \ + bzip2 \ + gnupg \ + ; \ + \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.0.0.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.0.0.tar.bz2.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ +# gpg key from https://nextcloud.com/nextcloud.asc + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ + gpgconf --kill all; \ + rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ + mkdir -p /usr/src/nextcloud/data; \ + mkdir -p /usr/src/nextcloud/custom_apps; \ + chmod +x /usr/src/nextcloud/occ; \ + apk del --no-network .fetch-deps + +COPY *.sh upgrade.exclude / +COPY config/* /usr/src/nextcloud/config/ + +ENTRYPOINT ["/entrypoint.sh"] +CMD ["php-fpm"] diff --git a/27/fpm-alpine/config/apcu.config.php b/27/fpm-alpine/config/apcu.config.php new file mode 100644 index 00000000..69fed876 --- /dev/null +++ b/27/fpm-alpine/config/apcu.config.php @@ -0,0 +1,4 @@ + '\OC\Memcache\APCu', +); diff --git a/27/fpm-alpine/config/apps.config.php b/27/fpm-alpine/config/apps.config.php new file mode 100644 index 00000000..4c37f72a --- /dev/null +++ b/27/fpm-alpine/config/apps.config.php @@ -0,0 +1,15 @@ + array ( + 0 => array ( + 'path' => OC::$SERVERROOT.'/apps', + 'url' => '/apps', + 'writable' => false, + ), + 1 => array ( + 'path' => OC::$SERVERROOT.'/custom_apps', + 'url' => '/custom_apps', + 'writable' => true, + ), + ), +); diff --git a/27/fpm-alpine/config/autoconfig.php b/27/fpm-alpine/config/autoconfig.php new file mode 100644 index 00000000..92ad2a1c --- /dev/null +++ b/27/fpm-alpine/config/autoconfig.php @@ -0,0 +1,41 @@ + '\OC\Memcache\Redis', + 'memcache.locking' => '\OC\Memcache\Redis', + 'redis' => array( + 'host' => getenv('REDIS_HOST'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + ), + ); + + if (getenv('REDIS_HOST_PORT') !== false) { + $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); + } elseif (getenv('REDIS_HOST')[0] != '/') { + $CONFIG['redis']['port'] = 6379; + } +} diff --git a/27/fpm-alpine/config/reverse-proxy.config.php b/27/fpm-alpine/config/reverse-proxy.config.php new file mode 100644 index 00000000..7df0415e --- /dev/null +++ b/27/fpm-alpine/config/reverse-proxy.config.php @@ -0,0 +1,30 @@ + array( + 'class' => '\OC\Files\ObjectStore\S3', + 'arguments' => array( + 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), + 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', + 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', + 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', + 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", + 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, + 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, + // required for some non Amazon S3 implementations + 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', + // required for older protocol versions + 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' + ) + ) + ); + + if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_KEY')) { + $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); + } else { + $CONFIG['objectstore']['arguments']['key'] = ''; + } + + if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); + } else { + $CONFIG['objectstore']['arguments']['secret'] = ''; + } +} diff --git a/27/fpm-alpine/config/smtp.config.php b/27/fpm-alpine/config/smtp.config.php new file mode 100644 index 00000000..5006fe47 --- /dev/null +++ b/27/fpm-alpine/config/smtp.config.php @@ -0,0 +1,22 @@ + 'smtp', + 'mail_smtphost' => getenv('SMTP_HOST'), + 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), + 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', + 'mail_smtpname' => getenv('SMTP_NAME') ?: '', + 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), + 'mail_domain' => getenv('MAIL_DOMAIN'), + ); + + if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); + } elseif (getenv('SMTP_PASSWORD')) { + $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); + } else { + $CONFIG['mail_smtppassword'] = ''; + } +} diff --git a/27/fpm-alpine/config/swift.config.php b/27/fpm-alpine/config/swift.config.php new file mode 100644 index 00000000..47ada566 --- /dev/null +++ b/27/fpm-alpine/config/swift.config.php @@ -0,0 +1,31 @@ + [ + 'class' => 'OC\\Files\\ObjectStore\\Swift', + 'arguments' => [ + 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', + 'user' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), + 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', + ], + ], + 'scope' => [ + 'project' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', + ], + ], + ], + 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', + 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), + 'url' => getenv('OBJECTSTORE_SWIFT_URL'), + 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), + ] + ] + ); +} diff --git a/27/fpm-alpine/cron.sh b/27/fpm-alpine/cron.sh new file mode 100755 index 00000000..4dfa4118 --- /dev/null +++ b/27/fpm-alpine/cron.sh @@ -0,0 +1,4 @@ +#!/bin/sh +set -eu + +exec busybox crond -f -l 0 -L /dev/stdout diff --git a/27/fpm-alpine/entrypoint.sh b/27/fpm-alpine/entrypoint.sh new file mode 100755 index 00000000..37441fd8 --- /dev/null +++ b/27/fpm-alpine/entrypoint.sh @@ -0,0 +1,232 @@ +#!/bin/sh +set -eu + +# version_greater A B returns whether A > B +version_greater() { + [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] +} + +# return true if specified directory is empty +directory_empty() { + [ -z "$(ls -A "$1/")" ] +} + +run_as() { + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh -c "$1" + else + sh -c "$1" + fi +} + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + +if expr "$1" : "apache" 1>/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then + uid="$(id -u)" + gid="$(id -g)" + if [ "$uid" = '0' ]; then + case "$1" in + apache2*) + user="${APACHE_RUN_USER:-www-data}" + group="${APACHE_RUN_GROUP:-www-data}" + + # strip off any '#' symbol ('#1000' is valid syntax for Apache) + user="${user#'#'}" + group="${group#'#'}" + ;; + *) # php-fpm + user='www-data' + group='www-data' + ;; + esac + else + user="$uid" + group="$gid" + fi + + if [ -n "${REDIS_HOST+x}" ]; then + + echo "Configuring Redis as session handler" + { + file_env REDIS_HOST_PASSWORD + echo 'session.save_handler = redis' + # check if redis host is an unix socket path + if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then + if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"unix://${REDIS_HOST}\"" + fi + # check if redis password has been set + elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" + fi + echo "redis.session.locking_enabled = 1" + echo "redis.session.lock_retries = -1" + # redis.session.lock_wait_time is specified in microseconds. + # Wait 10ms before retrying the lock rather than the default 2ms. + echo "redis.session.lock_wait_time = 10000" + } > /usr/local/etc/php/conf.d/redis-session.ini + fi + + # If another process is syncing the html folder, wait for + # it to be done, then escape initalization. + ( + if ! flock -n 9; then + # If we couldn't get it immediately, show a message, then wait for real + echo "Another process is initializing Nextcloud. Waiting..." + flock 9 + fi + + installed_version="0.0.0.0" + if [ -f /var/www/html/version.php ]; then + # shellcheck disable=SC2016 + installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" + fi + # shellcheck disable=SC2016 + image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" + + if version_greater "$installed_version" "$image_version"; then + echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" + exit 1 + fi + + if version_greater "$image_version" "$installed_version"; then + echo "Initializing nextcloud $image_version ..." + if [ "$installed_version" != "0.0.0.0" ]; then + echo "Upgrading nextcloud from $installed_version ..." + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + fi + if [ "$(id -u)" = 0 ]; then + rsync_options="-rlDog --chown $user:$group" + else + rsync_options="-rlD" + fi + + rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ + for dir in config data custom_apps themes; do + if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then + rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + fi + done + rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + + # Install + if [ "$installed_version" = "0.0.0.0" ]; then + echo "New nextcloud instance" + + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then + # shellcheck disable=SC2016 + install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' + if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then + # shellcheck disable=SC2016 + install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' + fi + + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + + install=false + if [ -n "${SQLITE_DATABASE+x}" ]; then + echo "Installing with SQLite database" + # shellcheck disable=SC2016 + install_options=$install_options' --database-name "$SQLITE_DATABASE"' + install=true + elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then + echo "Installing with MySQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' + install=true + elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then + echo "Installing with PostgreSQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' + install=true + fi + + if [ "$install" = true ]; then + echo "Starting nextcloud installation" + max_retries=10 + try=0 + until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + do + echo "Retrying install..." + try=$((try+1)) + sleep 10s + done + if [ "$try" -gt "$max_retries" ]; then + echo "Installing of nextcloud failed!" + exit 1 + fi + if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then + echo "Setting trusted domains…" + NC_TRUSTED_DOMAIN_IDX=1 + for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do + DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) + done + fi + else + echo "Please run the web-based installer on first connect!" + fi + fi + # Upgrade + else + run_as 'php /var/www/html/occ upgrade' + + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + echo "The following apps have been disabled:" + diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 + rm -f /tmp/list_before /tmp/list_after + + fi + + echo "Initializing finished" + fi + + # Update htaccess after init if requested + if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then + run_as 'php /var/www/html/occ maintenance:update:htaccess' + fi + ) 9> /var/www/html/nextcloud-init-sync.lock +fi + +exec "$@" diff --git a/27/fpm-alpine/upgrade.exclude b/27/fpm-alpine/upgrade.exclude new file mode 100644 index 00000000..31ce39a8 --- /dev/null +++ b/27/fpm-alpine/upgrade.exclude @@ -0,0 +1,6 @@ +/config/ +/data/ +/custom_apps/ +/themes/ +/version.php +/nextcloud-init-sync.lock diff --git a/27/fpm/Dockerfile b/27/fpm/Dockerfile new file mode 100644 index 00000000..754db7af --- /dev/null +++ b/27/fpm/Dockerfile @@ -0,0 +1,152 @@ +# DO NOT EDIT: created by update.sh from Dockerfile-debian.template +FROM php:8.2-fpm-bullseye + +# entrypoint.sh and cron.sh dependencies +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + busybox-static \ + bzip2 \ + libldap-common \ + libmagickcore-6.q16-6-extra \ + rsync \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /var/spool/cron/crontabs; \ + echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + +# install the PHP extensions we need +# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html +ENV PHP_MEMORY_LIMIT 512M +ENV PHP_UPLOAD_LIMIT 512M +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libevent-dev \ + libfreetype6-dev \ + libgmp-dev \ + libicu-dev \ + libjpeg-dev \ + libldap2-dev \ + libmagickwand-dev \ + libmcrypt-dev \ + libmemcached-dev \ + libpng-dev \ + libpq-dev \ + libwebp-dev \ + libxml2-dev \ + libzip-dev \ + ; \ + \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ + docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ + docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ + docker-php-ext-install -j "$(nproc)" \ + bcmath \ + exif \ + gd \ + gmp \ + intl \ + ldap \ + opcache \ + pcntl \ + pdo_mysql \ + pdo_pgsql \ + sysvsem \ + zip \ + ; \ + \ +# pecl will claim success even if one install fails, so we need to perform each install separately + pecl install APCu-5.1.22; \ + pecl install imagick-3.7.0; \ + pecl install memcached-3.2.0; \ + pecl install redis-5.3.7; \ + \ + docker-php-ext-enable \ + apcu \ + imagick \ + memcached \ + redis \ + ; \ + rm -r /tmp/pear; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* + +# set recommended PHP.ini settings +# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache +RUN { \ + echo 'opcache.enable=1'; \ + echo 'opcache.interned_strings_buffer=32'; \ + echo 'opcache.max_accelerated_files=10000'; \ + echo 'opcache.memory_consumption=128'; \ + echo 'opcache.save_comments=1'; \ + echo 'opcache.revalidate_freq=60'; \ + echo 'opcache.jit=1255'; \ + echo 'opcache.jit_buffer_size=128M'; \ + } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ + \ + echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ + \ + { \ + echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ + echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ + echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ + } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ + \ + mkdir /var/www/data; \ + chown -R www-data:root /var/www; \ + chmod -R g=u /var/www + +VOLUME /var/www/html + + +ENV NEXTCLOUD_VERSION 27.0.0 + +RUN set -ex; \ + fetchDeps=" \ + gnupg \ + dirmngr \ + "; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.0.0.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.0.0.tar.bz2.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ +# gpg key from https://nextcloud.com/nextcloud.asc + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ + gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ + gpgconf --kill all; \ + rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ + rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ + mkdir -p /usr/src/nextcloud/data; \ + mkdir -p /usr/src/nextcloud/custom_apps; \ + chmod +x /usr/src/nextcloud/occ; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ + rm -rf /var/lib/apt/lists/* + +COPY *.sh upgrade.exclude / +COPY config/* /usr/src/nextcloud/config/ + +ENTRYPOINT ["/entrypoint.sh"] +CMD ["php-fpm"] diff --git a/27/fpm/config/apcu.config.php b/27/fpm/config/apcu.config.php new file mode 100644 index 00000000..69fed876 --- /dev/null +++ b/27/fpm/config/apcu.config.php @@ -0,0 +1,4 @@ + '\OC\Memcache\APCu', +); diff --git a/27/fpm/config/apps.config.php b/27/fpm/config/apps.config.php new file mode 100644 index 00000000..4c37f72a --- /dev/null +++ b/27/fpm/config/apps.config.php @@ -0,0 +1,15 @@ + array ( + 0 => array ( + 'path' => OC::$SERVERROOT.'/apps', + 'url' => '/apps', + 'writable' => false, + ), + 1 => array ( + 'path' => OC::$SERVERROOT.'/custom_apps', + 'url' => '/custom_apps', + 'writable' => true, + ), + ), +); diff --git a/27/fpm/config/autoconfig.php b/27/fpm/config/autoconfig.php new file mode 100644 index 00000000..92ad2a1c --- /dev/null +++ b/27/fpm/config/autoconfig.php @@ -0,0 +1,41 @@ + '\OC\Memcache\Redis', + 'memcache.locking' => '\OC\Memcache\Redis', + 'redis' => array( + 'host' => getenv('REDIS_HOST'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + ), + ); + + if (getenv('REDIS_HOST_PORT') !== false) { + $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); + } elseif (getenv('REDIS_HOST')[0] != '/') { + $CONFIG['redis']['port'] = 6379; + } +} diff --git a/27/fpm/config/reverse-proxy.config.php b/27/fpm/config/reverse-proxy.config.php new file mode 100644 index 00000000..7df0415e --- /dev/null +++ b/27/fpm/config/reverse-proxy.config.php @@ -0,0 +1,30 @@ + array( + 'class' => '\OC\Files\ObjectStore\S3', + 'arguments' => array( + 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), + 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', + 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', + 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', + 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", + 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, + 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, + // required for some non Amazon S3 implementations + 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', + // required for older protocol versions + 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' + ) + ) + ); + + if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_KEY')) { + $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); + } else { + $CONFIG['objectstore']['arguments']['key'] = ''; + } + + if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); + } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); + } else { + $CONFIG['objectstore']['arguments']['secret'] = ''; + } +} diff --git a/27/fpm/config/smtp.config.php b/27/fpm/config/smtp.config.php new file mode 100644 index 00000000..5006fe47 --- /dev/null +++ b/27/fpm/config/smtp.config.php @@ -0,0 +1,22 @@ + 'smtp', + 'mail_smtphost' => getenv('SMTP_HOST'), + 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), + 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', + 'mail_smtpname' => getenv('SMTP_NAME') ?: '', + 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), + 'mail_domain' => getenv('MAIL_DOMAIN'), + ); + + if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); + } elseif (getenv('SMTP_PASSWORD')) { + $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); + } else { + $CONFIG['mail_smtppassword'] = ''; + } +} diff --git a/27/fpm/config/swift.config.php b/27/fpm/config/swift.config.php new file mode 100644 index 00000000..47ada566 --- /dev/null +++ b/27/fpm/config/swift.config.php @@ -0,0 +1,31 @@ + [ + 'class' => 'OC\\Files\\ObjectStore\\Swift', + 'arguments' => [ + 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', + 'user' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), + 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', + ], + ], + 'scope' => [ + 'project' => [ + 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), + 'domain' => [ + 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', + ], + ], + ], + 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', + 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), + 'url' => getenv('OBJECTSTORE_SWIFT_URL'), + 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), + ] + ] + ); +} diff --git a/27/fpm/cron.sh b/27/fpm/cron.sh new file mode 100755 index 00000000..4dfa4118 --- /dev/null +++ b/27/fpm/cron.sh @@ -0,0 +1,4 @@ +#!/bin/sh +set -eu + +exec busybox crond -f -l 0 -L /dev/stdout diff --git a/27/fpm/entrypoint.sh b/27/fpm/entrypoint.sh new file mode 100755 index 00000000..37441fd8 --- /dev/null +++ b/27/fpm/entrypoint.sh @@ -0,0 +1,232 @@ +#!/bin/sh +set -eu + +# version_greater A B returns whether A > B +version_greater() { + [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] +} + +# return true if specified directory is empty +directory_empty() { + [ -z "$(ls -A "$1/")" ] +} + +run_as() { + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh -c "$1" + else + sh -c "$1" + fi +} + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + +if expr "$1" : "apache" 1>/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then + uid="$(id -u)" + gid="$(id -g)" + if [ "$uid" = '0' ]; then + case "$1" in + apache2*) + user="${APACHE_RUN_USER:-www-data}" + group="${APACHE_RUN_GROUP:-www-data}" + + # strip off any '#' symbol ('#1000' is valid syntax for Apache) + user="${user#'#'}" + group="${group#'#'}" + ;; + *) # php-fpm + user='www-data' + group='www-data' + ;; + esac + else + user="$uid" + group="$gid" + fi + + if [ -n "${REDIS_HOST+x}" ]; then + + echo "Configuring Redis as session handler" + { + file_env REDIS_HOST_PASSWORD + echo 'session.save_handler = redis' + # check if redis host is an unix socket path + if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then + if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"unix://${REDIS_HOST}\"" + fi + # check if redis password has been set + elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" + fi + echo "redis.session.locking_enabled = 1" + echo "redis.session.lock_retries = -1" + # redis.session.lock_wait_time is specified in microseconds. + # Wait 10ms before retrying the lock rather than the default 2ms. + echo "redis.session.lock_wait_time = 10000" + } > /usr/local/etc/php/conf.d/redis-session.ini + fi + + # If another process is syncing the html folder, wait for + # it to be done, then escape initalization. + ( + if ! flock -n 9; then + # If we couldn't get it immediately, show a message, then wait for real + echo "Another process is initializing Nextcloud. Waiting..." + flock 9 + fi + + installed_version="0.0.0.0" + if [ -f /var/www/html/version.php ]; then + # shellcheck disable=SC2016 + installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" + fi + # shellcheck disable=SC2016 + image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" + + if version_greater "$installed_version" "$image_version"; then + echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" + exit 1 + fi + + if version_greater "$image_version" "$installed_version"; then + echo "Initializing nextcloud $image_version ..." + if [ "$installed_version" != "0.0.0.0" ]; then + echo "Upgrading nextcloud from $installed_version ..." + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + fi + if [ "$(id -u)" = 0 ]; then + rsync_options="-rlDog --chown $user:$group" + else + rsync_options="-rlD" + fi + + rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ + for dir in config data custom_apps themes; do + if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then + rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + fi + done + rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ + + # Install + if [ "$installed_version" = "0.0.0.0" ]; then + echo "New nextcloud instance" + + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then + # shellcheck disable=SC2016 + install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' + if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then + # shellcheck disable=SC2016 + install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' + fi + + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + + install=false + if [ -n "${SQLITE_DATABASE+x}" ]; then + echo "Installing with SQLite database" + # shellcheck disable=SC2016 + install_options=$install_options' --database-name "$SQLITE_DATABASE"' + install=true + elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then + echo "Installing with MySQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' + install=true + elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then + echo "Installing with PostgreSQL database" + # shellcheck disable=SC2016 + install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' + install=true + fi + + if [ "$install" = true ]; then + echo "Starting nextcloud installation" + max_retries=10 + try=0 + until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + do + echo "Retrying install..." + try=$((try+1)) + sleep 10s + done + if [ "$try" -gt "$max_retries" ]; then + echo "Installing of nextcloud failed!" + exit 1 + fi + if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then + echo "Setting trusted domains…" + NC_TRUSTED_DOMAIN_IDX=1 + for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do + DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) + done + fi + else + echo "Please run the web-based installer on first connect!" + fi + fi + # Upgrade + else + run_as 'php /var/www/html/occ upgrade' + + run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + echo "The following apps have been disabled:" + diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 + rm -f /tmp/list_before /tmp/list_after + + fi + + echo "Initializing finished" + fi + + # Update htaccess after init if requested + if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then + run_as 'php /var/www/html/occ maintenance:update:htaccess' + fi + ) 9> /var/www/html/nextcloud-init-sync.lock +fi + +exec "$@" diff --git a/27/fpm/upgrade.exclude b/27/fpm/upgrade.exclude new file mode 100644 index 00000000..31ce39a8 --- /dev/null +++ b/27/fpm/upgrade.exclude @@ -0,0 +1,6 @@ +/config/ +/data/ +/custom_apps/ +/themes/ +/version.php +/nextcloud-init-sync.lock diff --git a/latest.txt b/latest.txt index cbf1d673..008c39a4 100644 --- a/latest.txt +++ b/latest.txt @@ -1 +1 @@ -26.0.2 +27.0.0 diff --git a/versions.json b/versions.json index 737135bc..5eb1b9a4 100644 --- a/versions.json +++ b/versions.json @@ -1,4 +1,30 @@ { + "27": { + "branch": "27", + "version": "27.0.0", + "url": "https://download.nextcloud.com/server/releases/nextcloud-27.0.0.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-27.0.0.tar.bz2.asc", + "variants": { + "apache": { + "variant": "apache", + "base": "debian", + "baseVersion": "bullseye", + "phpVersion": "8.2" + }, + "fpm": { + "variant": "fpm", + "base": "debian", + "baseVersion": "bullseye", + "phpVersion": "8.2" + }, + "fpm-alpine": { + "variant": "fpm-alpine", + "base": "alpine", + "baseVersion": "3.18", + "phpVersion": "8.2" + } + } + }, "26": { "branch": "26", "version": "26.0.2",