From 60ac9b728e22cffcbb0328bed9797e7b3510783d Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Wed, 12 Jul 2017 14:08:20 +0200 Subject: [PATCH 01/25] Split the examples into subfolders --- .examples/{Dockerfile.cron => dockerfiles/cron/fpm/Dockerfile} | 0 .examples/{ => dockerfiles/cron/fpm}/supervisord.conf | 0 .../{Dockerfile.imap => dockerfiles/imap/apache/Dockerfile} | 1 + .examples/{Dockerfile.smb => dockerfiles/smb/apache/Dockerfile} | 1 + 4 files changed, 2 insertions(+) rename .examples/{Dockerfile.cron => dockerfiles/cron/fpm/Dockerfile} (100%) rename .examples/{ => dockerfiles/cron/fpm}/supervisord.conf (100%) rename .examples/{Dockerfile.imap => dockerfiles/imap/apache/Dockerfile} (99%) rename .examples/{Dockerfile.smb => dockerfiles/smb/apache/Dockerfile} (99%) diff --git a/.examples/Dockerfile.cron b/.examples/dockerfiles/cron/fpm/Dockerfile similarity index 100% rename from .examples/Dockerfile.cron rename to .examples/dockerfiles/cron/fpm/Dockerfile diff --git a/.examples/supervisord.conf b/.examples/dockerfiles/cron/fpm/supervisord.conf similarity index 100% rename from .examples/supervisord.conf rename to .examples/dockerfiles/cron/fpm/supervisord.conf diff --git a/.examples/Dockerfile.imap b/.examples/dockerfiles/imap/apache/Dockerfile similarity index 99% rename from .examples/Dockerfile.imap rename to .examples/dockerfiles/imap/apache/Dockerfile index 2ae14087..f7958c08 100644 --- a/.examples/Dockerfile.imap +++ b/.examples/dockerfiles/imap/apache/Dockerfile @@ -1,4 +1,5 @@ FROM nextcloud:apache + RUN apt-get update \ && apt-get install -y libc-client-dev libkrb5-dev \ && rm -rf /var/lib/apt/lists/* \ diff --git a/.examples/Dockerfile.smb b/.examples/dockerfiles/smb/apache/Dockerfile similarity index 99% rename from .examples/Dockerfile.smb rename to .examples/dockerfiles/smb/apache/Dockerfile index 52788a23..8ea3f770 100644 --- a/.examples/Dockerfile.smb +++ b/.examples/dockerfiles/smb/apache/Dockerfile @@ -1,2 +1,3 @@ FROM nextcloud:apache + RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/* From 6a54981de4b6d6f9d74b86ecebc8bfe969d92098 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Wed, 12 Jul 2017 14:08:50 +0200 Subject: [PATCH 02/25] Add examples for both cases apache and fpm --- .examples/dockerfiles/cron/apache/Dockerfile | 13 +++++++++++ .../dockerfiles/cron/apache/supervisord.conf | 22 +++++++++++++++++++ .examples/dockerfiles/imap/fpm/Dockerfile | 7 ++++++ .examples/dockerfiles/smb/fpm/Dockerfile | 3 +++ 4 files changed, 45 insertions(+) create mode 100644 .examples/dockerfiles/cron/apache/Dockerfile create mode 100644 .examples/dockerfiles/cron/apache/supervisord.conf create mode 100644 .examples/dockerfiles/imap/fpm/Dockerfile create mode 100644 .examples/dockerfiles/smb/fpm/Dockerfile diff --git a/.examples/dockerfiles/cron/apache/Dockerfile b/.examples/dockerfiles/cron/apache/Dockerfile new file mode 100644 index 00000000..dd4939a8 --- /dev/null +++ b/.examples/dockerfiles/cron/apache/Dockerfile @@ -0,0 +1,13 @@ +FROM nextcloud:apache + +RUN apt-get update && apt-get install -y \ + supervisor \ + cron \ + && rm -rf /var/lib/apt/lists/* + +RUN mkdir /var/log/supervisord /var/run/supervisord && \ + echo "*/15 * * * * su - www-data -s /bin/bash -c \"php -f /var/www/html/cron.php\""| crontab - + +COPY supervisord.conf /etc/supervisor/supervisord.conf + +CMD ["/usr/bin/supervisord"] diff --git a/.examples/dockerfiles/cron/apache/supervisord.conf b/.examples/dockerfiles/cron/apache/supervisord.conf new file mode 100644 index 00000000..25ae32f8 --- /dev/null +++ b/.examples/dockerfiles/cron/apache/supervisord.conf @@ -0,0 +1,22 @@ +[supervisord] +nodaemon=true +logfile=/var/log/supervisord/supervisord.log +pidfile=/var/run/supervisord/supervisord.pid +childlogdir=/var/log/supervisord/ +logfile_maxbytes=50MB ; maximum size of logfile before rotation +logfile_backups=10 ; number of backed up logfiles +loglevel=error + +[program:apache2] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=apache2-foreground + +[program:cron] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=cron -f diff --git a/.examples/dockerfiles/imap/fpm/Dockerfile b/.examples/dockerfiles/imap/fpm/Dockerfile new file mode 100644 index 00000000..b403de66 --- /dev/null +++ b/.examples/dockerfiles/imap/fpm/Dockerfile @@ -0,0 +1,7 @@ +FROM nextcloud:fpm + +RUN apt-get update \ + && apt-get install -y libc-client-dev libkrb5-dev \ + && rm -rf /var/lib/apt/lists/* \ + && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \ + && docker-php-ext-install imap diff --git a/.examples/dockerfiles/smb/fpm/Dockerfile b/.examples/dockerfiles/smb/fpm/Dockerfile new file mode 100644 index 00000000..4c99b863 --- /dev/null +++ b/.examples/dockerfiles/smb/fpm/Dockerfile @@ -0,0 +1,3 @@ +FROM nextcloud:fpm + +RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/* From 83b027fbaedbd4c866f795308cedee4f8453c06a Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Thu, 13 Jul 2017 17:50:04 +0200 Subject: [PATCH 03/25] Add insecure docker-compose examples for apache --- .../mariadb-with-cron/apache/app/Dockerfile | 3 ++ .../apache/app/autoconfig.php | 10 ++++ .../insecure/mariadb-with-cron/apache/db.env | 3 ++ .../apache/docker-compose.yml | 50 +++++++++++++++++++ .../mariadb-with-redis/apache/app/Dockerfile | 5 ++ .../apache/app/autoconfig.php | 10 ++++ .../apache/app/redis.config.php | 8 +++ .../insecure/mariadb-with-redis/apache/db.env | 3 ++ .../apache/docker-compose.yml | 33 ++++++++++++ .../insecure/mariadb/apache/app/Dockerfile | 3 ++ .../mariadb/apache/app/autoconfig.php | 10 ++++ .../insecure/mariadb/apache/db.env | 3 ++ .../mariadb/apache/docker-compose.yml | 28 +++++++++++ .../insecure/postgres/apache/app/Dockerfile | 3 ++ .../postgres/apache/app/autoconfig.php | 10 ++++ .../insecure/postgres/apache/db.env | 3 ++ .../postgres/apache/docker-compose.yml | 26 ++++++++++ 17 files changed, 211 insertions(+) create mode 100644 .examples/docker-compose/insecure/mariadb-with-cron/apache/app/Dockerfile create mode 100644 .examples/docker-compose/insecure/mariadb-with-cron/apache/app/autoconfig.php create mode 100644 .examples/docker-compose/insecure/mariadb-with-cron/apache/db.env create mode 100644 .examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml create mode 100644 .examples/docker-compose/insecure/mariadb-with-redis/apache/app/Dockerfile create mode 100644 .examples/docker-compose/insecure/mariadb-with-redis/apache/app/autoconfig.php create mode 100644 .examples/docker-compose/insecure/mariadb-with-redis/apache/app/redis.config.php create mode 100644 .examples/docker-compose/insecure/mariadb-with-redis/apache/db.env create mode 100644 .examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml create mode 100644 .examples/docker-compose/insecure/mariadb/apache/app/Dockerfile create mode 100644 .examples/docker-compose/insecure/mariadb/apache/app/autoconfig.php create mode 100644 .examples/docker-compose/insecure/mariadb/apache/db.env create mode 100644 .examples/docker-compose/insecure/mariadb/apache/docker-compose.yml create mode 100644 .examples/docker-compose/insecure/postgres/apache/app/Dockerfile create mode 100644 .examples/docker-compose/insecure/postgres/apache/app/autoconfig.php create mode 100644 .examples/docker-compose/insecure/postgres/apache/db.env create mode 100644 .examples/docker-compose/insecure/postgres/apache/docker-compose.yml diff --git a/.examples/docker-compose/insecure/mariadb-with-cron/apache/app/Dockerfile b/.examples/docker-compose/insecure/mariadb-with-cron/apache/app/Dockerfile new file mode 100644 index 00000000..8c03a7c8 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-with-cron/apache/app/Dockerfile @@ -0,0 +1,3 @@ +FROM nextcloud:apache + +COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/insecure/mariadb-with-cron/apache/app/autoconfig.php b/.examples/docker-compose/insecure/mariadb-with-cron/apache/app/autoconfig.php new file mode 100644 index 00000000..ea7004e9 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-with-cron/apache/app/autoconfig.php @@ -0,0 +1,10 @@ + '/var/www/html/data', + 'dbtype' => 'mysql', + 'dbname' => getenv('MYSQL_DATABASE'), + 'dbuser' => getenv('MYSQL_USER'), + 'dbpass' => getenv('MYSQL_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/insecure/mariadb-with-cron/apache/db.env b/.examples/docker-compose/insecure/mariadb-with-cron/apache/db.env new file mode 100644 index 00000000..a4366057 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-with-cron/apache/db.env @@ -0,0 +1,3 @@ +MYSQL_PASSWORD= +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml new file mode 100644 index 00000000..25be02c9 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml @@ -0,0 +1,50 @@ +version: '3' + +services: + db: + image: mariadb + restart: always + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + env_file: + - db.env + + app: + build: ./app + restart: always + ports: + - 8080:80 + volumes: + - nextcloud:/var/www/html + env_file: + - db.env + links: + - db + + cron: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + links: + - db + user: www-data + entrypoint: | + bash -c 'bash -s < '/var/www/html/data', + 'dbtype' => 'mysql', + 'dbname' => getenv('MYSQL_DATABASE'), + 'dbuser' => getenv('MYSQL_USER'), + 'dbpass' => getenv('MYSQL_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/insecure/mariadb-with-redis/apache/app/redis.config.php b/.examples/docker-compose/insecure/mariadb-with-redis/apache/app/redis.config.php new file mode 100644 index 00000000..b0cebe31 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-with-redis/apache/app/redis.config.php @@ -0,0 +1,8 @@ + '\OC\Memcache\Redis', + 'redis' => array( + 'host' => 'redis', + 'port' => 6379, + ), +); diff --git a/.examples/docker-compose/insecure/mariadb-with-redis/apache/db.env b/.examples/docker-compose/insecure/mariadb-with-redis/apache/db.env new file mode 100644 index 00000000..a4366057 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-with-redis/apache/db.env @@ -0,0 +1,3 @@ +MYSQL_PASSWORD= +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml new file mode 100644 index 00000000..f715bdb8 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml @@ -0,0 +1,33 @@ +version: '3' + +services: + db: + image: mariadb + restart: always + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + env_file: + - db.env + + redis: + image: redis + restart: always + + app: + build: ./app + restart: always + ports: + - 8080:80 + volumes: + - nextcloud:/var/www/html + env_file: + - db.env + links: + - db + - redis + +volumes: + db: + nextcloud: diff --git a/.examples/docker-compose/insecure/mariadb/apache/app/Dockerfile b/.examples/docker-compose/insecure/mariadb/apache/app/Dockerfile new file mode 100644 index 00000000..8c03a7c8 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb/apache/app/Dockerfile @@ -0,0 +1,3 @@ +FROM nextcloud:apache + +COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/insecure/mariadb/apache/app/autoconfig.php b/.examples/docker-compose/insecure/mariadb/apache/app/autoconfig.php new file mode 100644 index 00000000..ea7004e9 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb/apache/app/autoconfig.php @@ -0,0 +1,10 @@ + '/var/www/html/data', + 'dbtype' => 'mysql', + 'dbname' => getenv('MYSQL_DATABASE'), + 'dbuser' => getenv('MYSQL_USER'), + 'dbpass' => getenv('MYSQL_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/insecure/mariadb/apache/db.env b/.examples/docker-compose/insecure/mariadb/apache/db.env new file mode 100644 index 00000000..a4366057 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb/apache/db.env @@ -0,0 +1,3 @@ +MYSQL_PASSWORD= +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml new file mode 100644 index 00000000..4f87dbbd --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml @@ -0,0 +1,28 @@ +version: '3' + +services: + db: + image: mariadb + restart: always + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + env_file: + - db.env + + app: + build: ./app + restart: always + ports: + - 8080:80 + volumes: + - nextcloud:/var/www/html + env_file: + - db.env + links: + - db + +volumes: + db: + nextcloud: diff --git a/.examples/docker-compose/insecure/postgres/apache/app/Dockerfile b/.examples/docker-compose/insecure/postgres/apache/app/Dockerfile new file mode 100644 index 00000000..8c03a7c8 --- /dev/null +++ b/.examples/docker-compose/insecure/postgres/apache/app/Dockerfile @@ -0,0 +1,3 @@ +FROM nextcloud:apache + +COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/insecure/postgres/apache/app/autoconfig.php b/.examples/docker-compose/insecure/postgres/apache/app/autoconfig.php new file mode 100644 index 00000000..3ac9f944 --- /dev/null +++ b/.examples/docker-compose/insecure/postgres/apache/app/autoconfig.php @@ -0,0 +1,10 @@ + '/var/www/html/data', + 'dbtype' => 'pgsql', + 'dbname' => getenv('POSTGRES_DB'), + 'dbuser' => getenv('POSTGRES_USER'), + 'dbpass' => getenv('POSTGRES_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/insecure/postgres/apache/db.env b/.examples/docker-compose/insecure/postgres/apache/db.env new file mode 100644 index 00000000..41106cab --- /dev/null +++ b/.examples/docker-compose/insecure/postgres/apache/db.env @@ -0,0 +1,3 @@ +POSTGRES_PASSWORD= +POSTGRES_DB=nextcloud +POSTGRES_USER=nextcloud diff --git a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml new file mode 100644 index 00000000..fc0a2d0b --- /dev/null +++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml @@ -0,0 +1,26 @@ +version: '3' + +services: + db: + image: postgres + restart: always + volumes: + - db:/var/lib/postgresql/data + env_file: + - db.env + + app: + build: ./app + restart: always + ports: + - 8080:80 + volumes: + - nextcloud:/var/www/html + env_file: + - db.env + links: + - db + +volumes: + db: + nextcloud: From e87d8d121700557b977bc442a42de024e33b67a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Br=C3=BCckner?= Date: Wed, 2 Aug 2017 11:52:53 +0200 Subject: [PATCH 04/25] rework of docker-compose examples --- .examples/docker-compose.yml | 97 ------------------- .../with-nginx-proxy/apache/caching.php | 12 +++ .../apache/docker-compose.yml | 79 +++++++++++++++ .../with-nginx-proxy/apache/uploadsize.conf | 1 + .../with-nginx-proxy/fpm/caching.php | 12 +++ .../with-nginx-proxy/fpm/docker-compose.yml | 86 ++++++++++++++++ .../with-nginx-proxy/fpm}/nginx.conf | 0 .../with-nginx-proxy/fpm/uploadsize.conf | 1 + 8 files changed, 191 insertions(+), 97 deletions(-) delete mode 100644 .examples/docker-compose.yml create mode 100644 .examples/docker-compose/with-nginx-proxy/apache/caching.php create mode 100644 .examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml create mode 100644 .examples/docker-compose/with-nginx-proxy/apache/uploadsize.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/fpm/caching.php create mode 100644 .examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml rename .examples/{ => docker-compose/with-nginx-proxy/fpm}/nginx.conf (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/fpm/uploadsize.conf diff --git a/.examples/docker-compose.yml b/.examples/docker-compose.yml deleted file mode 100644 index 60167edc..00000000 --- a/.examples/docker-compose.yml +++ /dev/null @@ -1,97 +0,0 @@ -version: '2' -services: - proxy: - image: jwilder/nginx-proxy - container_name: proxy - ports: - - 80:80 - - 443:443 - volumes: - - ./proxy/conf.d:/etc/nginx/conf.d - - ./proxy/vhost.d:/etc/nginx/vhost.d - - ./proxy/html:/usr/share/nginx/html - - ./proxy/certs:/etc/nginx/certs:ro - - /var/run/docker.sock:/tmp/docker.sock:ro - networks: - - proxy-tier - restart: always - - letsencrypt-companion: - image: alastaircoote/docker-letsencrypt-nginx-proxy-companion - container_name: letsencrypt-companion - volumes_from: - - proxy - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - ./proxy/certs:/etc/nginx/certs:rw - restart: always - - web: - image: nginx - container_name: nextcloud_webserver - volumes: - - ./nginx.conf:/etc/nginx/nginx.conf:ro - links: - - app - - collabora - volumes_from: - - app - environment: - - VIRTUAL_HOST=${DOMAIN} - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=80 - - LETSENCRYPT_HOST=${DOMAIN} - - LETSENCRYPT_EMAIL= - networks: - - proxy-tier - restart: always - - app: - image: nextcloud:fpm - container_name: nextcloud_fpm - links: - - db - volumes: - - ./nextcloud/apps:/var/www/html/apps - - ./nextcloud/config:/var/www/html/config - - ./nextcloud/data:/var/www/html/data - networks: - - proxy-tier - restart: always - - db: - image: mariadb - container_name: db - volumes: - - ./nextcloud/db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - MYSQL_PASSWORD= - networks: - - proxy-tier - restart: always - - redis: - image: redis - container_name: redis - networks: - - proxy-tier - restart: always - - collabora: - image: collabora/code - container_name: collabora - cap_add: - - MKNOD - environment: - - domain=${DOMAIN} - networks: - - proxy-tier - restart: always - -networks: - proxy-tier: - external: - name: nginx-proxy diff --git a/.examples/docker-compose/with-nginx-proxy/apache/caching.php b/.examples/docker-compose/with-nginx-proxy/apache/caching.php new file mode 100644 index 00000000..d97c77c2 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/apache/caching.php @@ -0,0 +1,12 @@ + '\\OC\\Memcache\\APCu', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'filelocking.enabled' => 'true', + 'redis' => + array ( + 'host' => 'redis', + 'port' => 6379, + ), +); +?> diff --git a/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml new file mode 100644 index 00000000..a186b95b --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml @@ -0,0 +1,79 @@ +version: '3' + +volumes: + certs: + conf.d: + vhost.d: + html: + nextcloud: + db: + +networks: + proxy-tier: + +services: + proxy: + image: jwilder/nginx-proxy + ports: + - 80:80 + - 443:443 + volumes: + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - certs:/etc/nginx/certs:ro + - /var/run/docker.sock:/tmp/docker.sock:ro + - ./uploadsize.conf:/etc/nginx/conf.d/uploadsize.conf:ro + networks: + - proxy-tier + labels: + - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy + restart: always + + letsencrypt-companion: + image: jrcs/letsencrypt-nginx-proxy-companion + volumes: + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - certs:/etc/nginx/certs:rw + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - proxy-tier + restart: always + + app: + image: nextcloud:apache + volumes: + - nextcloud:/var/www/html + environment: + - VIRTUAL_HOST= + - LETSENCRYPT_HOST= + - LETSENCRYPT_EMAIL= + networks: + - proxy-tier + - default + restart: always + + db: + image: mariadb + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + - MYSQL_PASSWORD= + restart: always + + redis: + image: redis + restart: always + + collabora: + image: collabora/code + cap_add: + - MKNOD + environment: + - domain= + restart: always diff --git a/.examples/docker-compose/with-nginx-proxy/apache/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/apache/uploadsize.conf new file mode 100644 index 00000000..8c1bc580 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/apache/uploadsize.conf @@ -0,0 +1 @@ +client_max_body_size 10g; diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/caching.php b/.examples/docker-compose/with-nginx-proxy/fpm/caching.php new file mode 100644 index 00000000..d97c77c2 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/caching.php @@ -0,0 +1,12 @@ + '\\OC\\Memcache\\APCu', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'filelocking.enabled' => 'true', + 'redis' => + array ( + 'host' => 'redis', + 'port' => 6379, + ), +); +?> diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml new file mode 100644 index 00000000..756ebcdb --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml @@ -0,0 +1,86 @@ +version: '3' + +volumes: + certs: + conf.d: + vhost.d: + html: + nextcloud: + db: + +networks: + proxy-tier: + +services: + proxy: + image: jwilder/nginx-proxy + ports: + - 80:80 + - 443:443 + volumes: + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - certs:/etc/nginx/certs:ro + - /var/run/docker.sock:/tmp/docker.sock:ro + - ./uploadsize.conf:/etc/nginx/conf.d/uploadsize.conf:ro + networks: + - proxy-tier + labels: + - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy + restart: always + + letsencrypt-companion: + image: jrcs/letsencrypt-nginx-proxy-companion + volumes: + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - certs:/etc/nginx/certs:rw + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - proxy-tier + restart: always + + web: + image: nginx + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf:ro + - nextcloud:/var/www/html + environment: + - VIRTUAL_HOST= + - LETSENCRYPT_HOST= + - LETSENCRYPT_EMAIL= + networks: + - proxy-tier + - default + restart: always + + app: + image: nextcloud:fpm + volumes: + - nextcloud:/var/www/html + restart: always + + db: + image: mariadb + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + - MYSQL_PASSWORD= + restart: always + + redis: + image: redis + restart: always + + collabora: + image: collabora/code + cap_add: + - MKNOD + environment: + - domain= + restart: always diff --git a/.examples/nginx.conf b/.examples/docker-compose/with-nginx-proxy/fpm/nginx.conf similarity index 100% rename from .examples/nginx.conf rename to .examples/docker-compose/with-nginx-proxy/fpm/nginx.conf diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/fpm/uploadsize.conf new file mode 100644 index 00000000..8c1bc580 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/uploadsize.conf @@ -0,0 +1 @@ +client_max_body_size 10g; From 50b9eadbff868451dc4cd4294e3b0594120798dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Br=C3=BCckner?= Date: Wed, 2 Aug 2017 21:47:27 +0200 Subject: [PATCH 05/25] deleted redundant lines --- .examples/docker-compose/with-nginx-proxy/apache/caching.php | 1 - .examples/docker-compose/with-nginx-proxy/fpm/caching.php | 1 - 2 files changed, 2 deletions(-) diff --git a/.examples/docker-compose/with-nginx-proxy/apache/caching.php b/.examples/docker-compose/with-nginx-proxy/apache/caching.php index d97c77c2..9f8b5d2b 100644 --- a/.examples/docker-compose/with-nginx-proxy/apache/caching.php +++ b/.examples/docker-compose/with-nginx-proxy/apache/caching.php @@ -1,6 +1,5 @@ '\\OC\\Memcache\\APCu', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'filelocking.enabled' => 'true', 'redis' => diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/caching.php b/.examples/docker-compose/with-nginx-proxy/fpm/caching.php index d97c77c2..9f8b5d2b 100644 --- a/.examples/docker-compose/with-nginx-proxy/fpm/caching.php +++ b/.examples/docker-compose/with-nginx-proxy/fpm/caching.php @@ -1,6 +1,5 @@ '\\OC\\Memcache\\APCu', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'filelocking.enabled' => 'true', 'redis' => From ce5b8148861a64f5b840ec93c3eb38d1c3f7b6e5 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Tue, 8 Aug 2017 16:46:36 +0200 Subject: [PATCH 06/25] Add build tests for the example dockerfiles --- .travis.yml | 1 + .travis/test-example-dockerfiles.sh | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100755 .travis/test-example-dockerfiles.sh diff --git a/.travis.yml b/.travis.yml index 9850771e..ff0cc5ba 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,6 +20,7 @@ before_script: script: - travis_retry docker build -t "$image" "${VERSION}/${VARIANT}" - ~/official-images/test/run.sh "$image" + - .travis/test-example-dockerfiles.sh "$image" after_script: - docker images diff --git a/.travis/test-example-dockerfiles.sh b/.travis/test-example-dockerfiles.sh new file mode 100755 index 00000000..e86ed162 --- /dev/null +++ b/.travis/test-example-dockerfiles.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -e + +image="$1" + +cd .examples/dockerfiles + +dirs=( */ ) +dirs=( "${dirs[@]%/}" ) +for dir in "${dirs[@]}"; do + if [ -d "$dir/$VARIANT" ]; then + ( + cd "$dir/$VARIANT" + sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile' + docker build -t "$image-$dir" . + ~/official-images/test/run.sh "$image-$dir" + ) + fi +done From 53b8aabfe9327e9baa94c7f2efc6484789c6f21b Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Sun, 13 Aug 2017 12:20:45 +0200 Subject: [PATCH 07/25] Add mysql option --- .../insecure/mariadb-with-cron/apache/docker-compose.yml | 1 + .../insecure/mariadb-with-redis/apache/docker-compose.yml | 1 + .../docker-compose/insecure/mariadb/apache/docker-compose.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/.examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml index 25be02c9..48371206 100644 --- a/.examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml @@ -3,6 +3,7 @@ version: '3' services: db: image: mariadb + # image: mysql restart: always volumes: - db:/var/lib/mysql diff --git a/.examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml index f715bdb8..faf117ad 100644 --- a/.examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml @@ -3,6 +3,7 @@ version: '3' services: db: image: mariadb + # image: mysql restart: always volumes: - db:/var/lib/mysql diff --git a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml index 4f87dbbd..4c00c3c3 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml @@ -3,6 +3,7 @@ version: '3' services: db: image: mariadb + # image: mysql restart: always volumes: - db:/var/lib/mysql From 5f041a62494b942aa8547460685c7188fa04c344 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Sun, 13 Aug 2017 13:03:54 +0200 Subject: [PATCH 08/25] Merge cron and redis example --- .../apache/app/Dockerfile | 0 .../apache/app/autoconfig.php | 0 .../apache/app/redis.config.php | 0 .../apache/db.env | 0 .../apache/docker-compose.yml | 6 ++++ .../mariadb-with-cron/apache/app/Dockerfile | 3 -- .../apache/app/autoconfig.php | 10 ------ .../insecure/mariadb-with-redis/apache/db.env | 3 -- .../apache/docker-compose.yml | 34 ------------------- 9 files changed, 6 insertions(+), 50 deletions(-) rename .examples/docker-compose/insecure/{mariadb-with-redis => mariadb-cron-redis}/apache/app/Dockerfile (100%) rename .examples/docker-compose/insecure/{mariadb-with-cron => mariadb-cron-redis}/apache/app/autoconfig.php (100%) rename .examples/docker-compose/insecure/{mariadb-with-redis => mariadb-cron-redis}/apache/app/redis.config.php (100%) rename .examples/docker-compose/insecure/{mariadb-with-cron => mariadb-cron-redis}/apache/db.env (100%) rename .examples/docker-compose/insecure/{mariadb-with-cron => mariadb-cron-redis}/apache/docker-compose.yml (91%) delete mode 100644 .examples/docker-compose/insecure/mariadb-with-cron/apache/app/Dockerfile delete mode 100644 .examples/docker-compose/insecure/mariadb-with-redis/apache/app/autoconfig.php delete mode 100644 .examples/docker-compose/insecure/mariadb-with-redis/apache/db.env delete mode 100644 .examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml diff --git a/.examples/docker-compose/insecure/mariadb-with-redis/apache/app/Dockerfile b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile similarity index 100% rename from .examples/docker-compose/insecure/mariadb-with-redis/apache/app/Dockerfile rename to .examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile diff --git a/.examples/docker-compose/insecure/mariadb-with-cron/apache/app/autoconfig.php b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/autoconfig.php similarity index 100% rename from .examples/docker-compose/insecure/mariadb-with-cron/apache/app/autoconfig.php rename to .examples/docker-compose/insecure/mariadb-cron-redis/apache/app/autoconfig.php diff --git a/.examples/docker-compose/insecure/mariadb-with-redis/apache/app/redis.config.php b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/redis.config.php similarity index 100% rename from .examples/docker-compose/insecure/mariadb-with-redis/apache/app/redis.config.php rename to .examples/docker-compose/insecure/mariadb-cron-redis/apache/app/redis.config.php diff --git a/.examples/docker-compose/insecure/mariadb-with-cron/apache/db.env b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env similarity index 100% rename from .examples/docker-compose/insecure/mariadb-with-cron/apache/db.env rename to .examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env diff --git a/.examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml similarity index 91% rename from .examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml rename to .examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml index 48371206..f5ae21fc 100644 --- a/.examples/docker-compose/insecure/mariadb-with-cron/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml @@ -12,6 +12,10 @@ services: env_file: - db.env + redis: + image: redis + restart: always + app: build: ./app restart: always @@ -23,6 +27,7 @@ services: - db.env links: - db + - redis cron: build: ./app @@ -31,6 +36,7 @@ services: - nextcloud:/var/www/html links: - db + - redis user: www-data entrypoint: | bash -c 'bash -s < '/var/www/html/data', - 'dbtype' => 'mysql', - 'dbname' => getenv('MYSQL_DATABASE'), - 'dbuser' => getenv('MYSQL_USER'), - 'dbpass' => getenv('MYSQL_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/insecure/mariadb-with-redis/apache/db.env b/.examples/docker-compose/insecure/mariadb-with-redis/apache/db.env deleted file mode 100644 index a4366057..00000000 --- a/.examples/docker-compose/insecure/mariadb-with-redis/apache/db.env +++ /dev/null @@ -1,3 +0,0 @@ -MYSQL_PASSWORD= -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml deleted file mode 100644 index faf117ad..00000000 --- a/.examples/docker-compose/insecure/mariadb-with-redis/apache/docker-compose.yml +++ /dev/null @@ -1,34 +0,0 @@ -version: '3' - -services: - db: - image: mariadb - # image: mysql - restart: always - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD= - env_file: - - db.env - - redis: - image: redis - restart: always - - app: - build: ./app - restart: always - ports: - - 8080:80 - volumes: - - nextcloud:/var/www/html - env_file: - - db.env - links: - - db - - redis - -volumes: - db: - nextcloud: From 0ba11e9ca3820ce752435359de6029f21f7c60f4 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Sun, 13 Aug 2017 13:50:34 +0200 Subject: [PATCH 09/25] Remove unnecessary links --- .../insecure/mariadb-cron-redis/apache/docker-compose.yml | 6 ------ .../insecure/mariadb/apache/docker-compose.yml | 2 -- .../insecure/postgres/apache/docker-compose.yml | 2 -- 3 files changed, 10 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml index f5ae21fc..b5ba533e 100644 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml @@ -25,18 +25,12 @@ services: - nextcloud:/var/www/html env_file: - db.env - links: - - db - - redis cron: build: ./app restart: always volumes: - nextcloud:/var/www/html - links: - - db - - redis user: www-data entrypoint: | bash -c 'bash -s < Date: Sun, 13 Aug 2017 16:08:39 +0200 Subject: [PATCH 10/25] Add insecure docker-compose examples for fpm --- .../mariadb-cron-redis/fpm/app/Dockerfile | 5 + .../mariadb-cron-redis/fpm/app/autoconfig.php | 10 ++ .../fpm/app/redis.config.php | 8 + .../insecure/mariadb-cron-redis/fpm/db.env | 3 + .../mariadb-cron-redis/fpm/docker-compose.yml | 58 +++++++ .../mariadb-cron-redis/fpm/nginx.conf | 154 ++++++++++++++++++ .../insecure/mariadb/fpm/app/Dockerfile | 3 + .../insecure/mariadb/fpm/app/autoconfig.php | 10 ++ .../insecure/mariadb/fpm/db.env | 3 + .../insecure/mariadb/fpm/docker-compose.yml | 34 ++++ .../insecure/mariadb/fpm/nginx.conf | 154 ++++++++++++++++++ .../insecure/postgres/fpm/app/Dockerfile | 3 + .../insecure/postgres/fpm/app/autoconfig.php | 10 ++ .../insecure/postgres/fpm/db.env | 3 + .../insecure/postgres/fpm/docker-compose.yml | 31 ++++ .../insecure/postgres/fpm/nginx.conf | 154 ++++++++++++++++++ 16 files changed, 643 insertions(+) create mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile create mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/autoconfig.php create mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php create mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env create mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml create mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/nginx.conf create mode 100644 .examples/docker-compose/insecure/mariadb/fpm/app/Dockerfile create mode 100644 .examples/docker-compose/insecure/mariadb/fpm/app/autoconfig.php create mode 100644 .examples/docker-compose/insecure/mariadb/fpm/db.env create mode 100644 .examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml create mode 100644 .examples/docker-compose/insecure/mariadb/fpm/nginx.conf create mode 100644 .examples/docker-compose/insecure/postgres/fpm/app/Dockerfile create mode 100644 .examples/docker-compose/insecure/postgres/fpm/app/autoconfig.php create mode 100644 .examples/docker-compose/insecure/postgres/fpm/db.env create mode 100644 .examples/docker-compose/insecure/postgres/fpm/docker-compose.yml create mode 100644 .examples/docker-compose/insecure/postgres/fpm/nginx.conf diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile new file mode 100644 index 00000000..f9a41f56 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile @@ -0,0 +1,5 @@ +FROM nextcloud:fpm + +COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php + +COPY redis.config.php /usr/src/nextcloud/config/redis.config.php diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/autoconfig.php b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/autoconfig.php new file mode 100644 index 00000000..ea7004e9 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/autoconfig.php @@ -0,0 +1,10 @@ + '/var/www/html/data', + 'dbtype' => 'mysql', + 'dbname' => getenv('MYSQL_DATABASE'), + 'dbuser' => getenv('MYSQL_USER'), + 'dbpass' => getenv('MYSQL_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php new file mode 100644 index 00000000..b0cebe31 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php @@ -0,0 +1,8 @@ + '\OC\Memcache\Redis', + 'redis' => array( + 'host' => 'redis', + 'port' => 6379, + ), +); diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env new file mode 100644 index 00000000..a4366057 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env @@ -0,0 +1,3 @@ +MYSQL_PASSWORD= +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml new file mode 100644 index 00000000..ce557947 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml @@ -0,0 +1,58 @@ +version: '3' + +services: + db: + image: mariadb + # image: mysql + restart: always + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + env_file: + - db.env + + redis: + image: redis + restart: always + + app: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + env_file: + - db.env + + web: + image: nginx + restart: always + ports: + - 8080:80 + volumes: + - nextcloud:/var/www/html:ro + - ./nginx.conf:/etc/nginx/nginx.conf:ro + + cron: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + user: www-data + entrypoint: | + bash -c 'bash -s < '/var/www/html/data', + 'dbtype' => 'mysql', + 'dbname' => getenv('MYSQL_DATABASE'), + 'dbuser' => getenv('MYSQL_USER'), + 'dbpass' => getenv('MYSQL_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/insecure/mariadb/fpm/db.env b/.examples/docker-compose/insecure/mariadb/fpm/db.env new file mode 100644 index 00000000..a4366057 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb/fpm/db.env @@ -0,0 +1,3 @@ +MYSQL_PASSWORD= +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml new file mode 100644 index 00000000..9ae7c155 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml @@ -0,0 +1,34 @@ +version: '3' + +services: + db: + image: mariadb + # image: mysql + restart: always + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + env_file: + - db.env + + app: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + env_file: + - db.env + + web: + image: nginx + restart: always + ports: + - 8080:80 + volumes: + - nextcloud:/var/www/html:ro + - ./nginx.conf:/etc/nginx/nginx.conf:ro + +volumes: + db: + nextcloud: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/nginx.conf new file mode 100644 index 00000000..c23a7707 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb/fpm/nginx.conf @@ -0,0 +1,154 @@ +user www-data; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + upstream php-handler { + server app:9000; + } + + server { + listen 80; + + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + root /var/www/html; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # The following 2 rules are only needed for the user_webfinger app. + # Uncomment it if you're planning to use this app. + #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json + # last; + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + # set max upload size + client_max_body_size 512M; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Uncomment if your server is build with the ngx_pagespeed module + # This module is currently not supported. + #pagespeed off; + + location / { + rewrite ^ /index.php$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + # fastcgi_param HTTPS on; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff|svg|gif)$ { + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=15778463"; + # Add headers to serve security related headers (It is intended to + # have those duplicated to the ones above) + # Before enabling Strict-Transport-Security headers please read into + # this topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets + access_log off; + } + + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + try_files $uri /index.php$uri$is_args$args; + # Optional: Don't log access to other assets + access_log off; + } + } + +} diff --git a/.examples/docker-compose/insecure/postgres/fpm/app/Dockerfile b/.examples/docker-compose/insecure/postgres/fpm/app/Dockerfile new file mode 100644 index 00000000..d1d1f807 --- /dev/null +++ b/.examples/docker-compose/insecure/postgres/fpm/app/Dockerfile @@ -0,0 +1,3 @@ +FROM nextcloud:fpm + +COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/insecure/postgres/fpm/app/autoconfig.php b/.examples/docker-compose/insecure/postgres/fpm/app/autoconfig.php new file mode 100644 index 00000000..3ac9f944 --- /dev/null +++ b/.examples/docker-compose/insecure/postgres/fpm/app/autoconfig.php @@ -0,0 +1,10 @@ + '/var/www/html/data', + 'dbtype' => 'pgsql', + 'dbname' => getenv('POSTGRES_DB'), + 'dbuser' => getenv('POSTGRES_USER'), + 'dbpass' => getenv('POSTGRES_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/insecure/postgres/fpm/db.env b/.examples/docker-compose/insecure/postgres/fpm/db.env new file mode 100644 index 00000000..41106cab --- /dev/null +++ b/.examples/docker-compose/insecure/postgres/fpm/db.env @@ -0,0 +1,3 @@ +POSTGRES_PASSWORD= +POSTGRES_DB=nextcloud +POSTGRES_USER=nextcloud diff --git a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml new file mode 100644 index 00000000..b3b0d3ab --- /dev/null +++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml @@ -0,0 +1,31 @@ +version: '3' + +services: + db: + image: postgres + restart: always + volumes: + - db:/var/lib/postgresql/data + env_file: + - db.env + + app: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + env_file: + - db.env + + web: + image: nginx + restart: always + ports: + - 8080:80 + volumes: + - nextcloud:/var/www/html:ro + - ./nginx.conf:/etc/nginx/nginx.conf:ro + +volumes: + db: + nextcloud: diff --git a/.examples/docker-compose/insecure/postgres/fpm/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/nginx.conf new file mode 100644 index 00000000..c23a7707 --- /dev/null +++ b/.examples/docker-compose/insecure/postgres/fpm/nginx.conf @@ -0,0 +1,154 @@ +user www-data; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + upstream php-handler { + server app:9000; + } + + server { + listen 80; + + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + root /var/www/html; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # The following 2 rules are only needed for the user_webfinger app. + # Uncomment it if you're planning to use this app. + #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json + # last; + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + # set max upload size + client_max_body_size 512M; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Uncomment if your server is build with the ngx_pagespeed module + # This module is currently not supported. + #pagespeed off; + + location / { + rewrite ^ /index.php$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + # fastcgi_param HTTPS on; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff|svg|gif)$ { + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=15778463"; + # Add headers to serve security related headers (It is intended to + # have those duplicated to the ones above) + # Before enabling Strict-Transport-Security headers please read into + # this topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets + access_log off; + } + + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + try_files $uri /index.php$uri$is_args$args; + # Optional: Don't log access to other assets + access_log off; + } + } + +} From b120af8e7f8a150ca01cc847753579987364c55a Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Mon, 14 Aug 2017 15:32:08 +0200 Subject: [PATCH 11/25] Add Dockerfile for nginx --- .../insecure/mariadb-cron-redis/fpm/docker-compose.yml | 3 +-- .../insecure/mariadb-cron-redis/fpm/web/Dockerfile | 3 +++ .../insecure/mariadb-cron-redis/fpm/{ => web}/nginx.conf | 0 .../docker-compose/insecure/mariadb/fpm/docker-compose.yml | 3 +-- .examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile | 3 +++ .../docker-compose/insecure/mariadb/fpm/{ => web}/nginx.conf | 0 .../docker-compose/insecure/postgres/fpm/docker-compose.yml | 3 +-- .examples/docker-compose/insecure/postgres/fpm/web/Dockerfile | 3 +++ .../docker-compose/insecure/postgres/fpm/{ => web}/nginx.conf | 0 9 files changed, 12 insertions(+), 6 deletions(-) create mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile rename .examples/docker-compose/insecure/mariadb-cron-redis/fpm/{ => web}/nginx.conf (100%) create mode 100644 .examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile rename .examples/docker-compose/insecure/mariadb/fpm/{ => web}/nginx.conf (100%) create mode 100644 .examples/docker-compose/insecure/postgres/fpm/web/Dockerfile rename .examples/docker-compose/insecure/postgres/fpm/{ => web}/nginx.conf (100%) diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml index ce557947..f9a663c3 100644 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml @@ -25,13 +25,12 @@ services: - db.env web: - image: nginx + build: ./web restart: always ports: - 8080:80 volumes: - nextcloud:/var/www/html:ro - - ./nginx.conf:/etc/nginx/nginx.conf:ro cron: build: ./app diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile new file mode 100644 index 00000000..d6eac3e8 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx + +COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/nginx.conf b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf similarity index 100% rename from .examples/docker-compose/insecure/mariadb-cron-redis/fpm/nginx.conf rename to .examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf diff --git a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml index 9ae7c155..4bd01822 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml @@ -21,13 +21,12 @@ services: - db.env web: - image: nginx + build: ./web restart: always ports: - 8080:80 volumes: - nextcloud:/var/www/html:ro - - ./nginx.conf:/etc/nginx/nginx.conf:ro volumes: db: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile b/.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile new file mode 100644 index 00000000..d6eac3e8 --- /dev/null +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx + +COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/insecure/mariadb/fpm/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf similarity index 100% rename from .examples/docker-compose/insecure/mariadb/fpm/nginx.conf rename to .examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf diff --git a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml index b3b0d3ab..85f24587 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml @@ -18,13 +18,12 @@ services: - db.env web: - image: nginx + build: ./web restart: always ports: - 8080:80 volumes: - nextcloud:/var/www/html:ro - - ./nginx.conf:/etc/nginx/nginx.conf:ro volumes: db: diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile b/.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile new file mode 100644 index 00000000..d6eac3e8 --- /dev/null +++ b/.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx + +COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/insecure/postgres/fpm/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf similarity index 100% rename from .examples/docker-compose/insecure/postgres/fpm/nginx.conf rename to .examples/docker-compose/insecure/postgres/fpm/web/nginx.conf From 3c2f4b52e176fee88a848a273fd78f02494d6016 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Br=C3=BCckner?= Date: Wed, 16 Aug 2017 17:21:07 +0200 Subject: [PATCH 12/25] Use custom Dockerfiles instead of mounting files for remote docker #104 --- .../with-nginx-proxy/apache/app/Dockerfile | 4 ++++ .../with-nginx-proxy/apache/app/autoconfig.php | 10 ++++++++++ .../apache/{caching.php => app/redis.php} | 0 .../with-nginx-proxy/apache/db.env | 3 +++ .../with-nginx-proxy/apache/docker-compose.yml | 12 ++++++------ .../with-nginx-proxy/apache/proxy/Dockerfile | 3 +++ .../apache/{ => proxy}/uploadsize.conf | 0 .../with-nginx-proxy/fpm/app/Dockerfile | 4 ++++ .../with-nginx-proxy/fpm/app/autoconfig.php | 10 ++++++++++ .../fpm/{caching.php => app/redis.php} | 0 .../docker-compose/with-nginx-proxy/fpm/db.env | 3 +++ .../with-nginx-proxy/fpm/docker-compose.yml | 17 ++++++++--------- .../with-nginx-proxy/fpm/proxy/Dockerfile | 3 +++ .../fpm/{ => proxy}/uploadsize.conf | 0 .../with-nginx-proxy/fpm/web/Dockerfile | 3 +++ .../with-nginx-proxy/fpm/{ => web}/nginx.conf | 0 16 files changed, 57 insertions(+), 15 deletions(-) create mode 100644 .examples/docker-compose/with-nginx-proxy/apache/app/Dockerfile create mode 100644 .examples/docker-compose/with-nginx-proxy/apache/app/autoconfig.php rename .examples/docker-compose/with-nginx-proxy/apache/{caching.php => app/redis.php} (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/apache/db.env create mode 100644 .examples/docker-compose/with-nginx-proxy/apache/proxy/Dockerfile rename .examples/docker-compose/with-nginx-proxy/apache/{ => proxy}/uploadsize.conf (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/fpm/app/Dockerfile create mode 100644 .examples/docker-compose/with-nginx-proxy/fpm/app/autoconfig.php rename .examples/docker-compose/with-nginx-proxy/fpm/{caching.php => app/redis.php} (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/fpm/db.env create mode 100644 .examples/docker-compose/with-nginx-proxy/fpm/proxy/Dockerfile rename .examples/docker-compose/with-nginx-proxy/fpm/{ => proxy}/uploadsize.conf (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/fpm/web/Dockerfile rename .examples/docker-compose/with-nginx-proxy/fpm/{ => web}/nginx.conf (100%) diff --git a/.examples/docker-compose/with-nginx-proxy/apache/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/apache/app/Dockerfile new file mode 100644 index 00000000..2d54bc41 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/apache/app/Dockerfile @@ -0,0 +1,4 @@ +FROM nextcloud:apache + +COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php +COPY redis.php /usr/src/nextcloud/config/redis.php diff --git a/.examples/docker-compose/with-nginx-proxy/apache/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/apache/app/autoconfig.php new file mode 100644 index 00000000..ea7004e9 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/apache/app/autoconfig.php @@ -0,0 +1,10 @@ + '/var/www/html/data', + 'dbtype' => 'mysql', + 'dbname' => getenv('MYSQL_DATABASE'), + 'dbuser' => getenv('MYSQL_USER'), + 'dbpass' => getenv('MYSQL_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/with-nginx-proxy/apache/caching.php b/.examples/docker-compose/with-nginx-proxy/apache/app/redis.php similarity index 100% rename from .examples/docker-compose/with-nginx-proxy/apache/caching.php rename to .examples/docker-compose/with-nginx-proxy/apache/app/redis.php diff --git a/.examples/docker-compose/with-nginx-proxy/apache/db.env b/.examples/docker-compose/with-nginx-proxy/apache/db.env new file mode 100644 index 00000000..a4366057 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/apache/db.env @@ -0,0 +1,3 @@ +MYSQL_PASSWORD= +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml index a186b95b..ab550245 100644 --- a/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml @@ -13,7 +13,7 @@ networks: services: proxy: - image: jwilder/nginx-proxy + build: proxy ports: - 80:80 - 443:443 @@ -23,7 +23,6 @@ services: - html:/usr/share/nginx/html - certs:/etc/nginx/certs:ro - /var/run/docker.sock:/tmp/docker.sock:ro - - ./uploadsize.conf:/etc/nginx/conf.d/uploadsize.conf:ro networks: - proxy-tier labels: @@ -43,9 +42,11 @@ services: restart: always app: - image: nextcloud:apache + build: app volumes: - nextcloud:/var/www/html + env_file: + - db.env environment: - VIRTUAL_HOST= - LETSENCRYPT_HOST= @@ -61,9 +62,8 @@ services: - db:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD= - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - MYSQL_PASSWORD= + env_file: + - db.env restart: always redis: diff --git a/.examples/docker-compose/with-nginx-proxy/apache/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/apache/proxy/Dockerfile new file mode 100644 index 00000000..242c84e1 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/apache/proxy/Dockerfile @@ -0,0 +1,3 @@ +FROM jwilder/nginx-proxy:alpine + +COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/apache/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/apache/proxy/uploadsize.conf similarity index 100% rename from .examples/docker-compose/with-nginx-proxy/apache/uploadsize.conf rename to .examples/docker-compose/with-nginx-proxy/apache/proxy/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/fpm/app/Dockerfile new file mode 100644 index 00000000..dfd3c8c8 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/app/Dockerfile @@ -0,0 +1,4 @@ +FROM nextcloud:fpm + +COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php +COPY redis.php /usr/src/nextcloud/config/redis.php diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/fpm/app/autoconfig.php new file mode 100644 index 00000000..ea7004e9 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/app/autoconfig.php @@ -0,0 +1,10 @@ + '/var/www/html/data', + 'dbtype' => 'mysql', + 'dbname' => getenv('MYSQL_DATABASE'), + 'dbuser' => getenv('MYSQL_USER'), + 'dbpass' => getenv('MYSQL_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/caching.php b/.examples/docker-compose/with-nginx-proxy/fpm/app/redis.php similarity index 100% rename from .examples/docker-compose/with-nginx-proxy/fpm/caching.php rename to .examples/docker-compose/with-nginx-proxy/fpm/app/redis.php diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/db.env b/.examples/docker-compose/with-nginx-proxy/fpm/db.env new file mode 100644 index 00000000..a4366057 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/db.env @@ -0,0 +1,3 @@ +MYSQL_PASSWORD= +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml index 756ebcdb..bbe5ec32 100644 --- a/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml @@ -13,7 +13,7 @@ networks: services: proxy: - image: jwilder/nginx-proxy + build: proxy ports: - 80:80 - 443:443 @@ -23,7 +23,6 @@ services: - html:/usr/share/nginx/html - certs:/etc/nginx/certs:ro - /var/run/docker.sock:/tmp/docker.sock:ro - - ./uploadsize.conf:/etc/nginx/conf.d/uploadsize.conf:ro networks: - proxy-tier labels: @@ -43,9 +42,8 @@ services: restart: always web: - image: nginx + build: web volumes: - - ./nginx.conf:/etc/nginx/nginx.conf:ro - nextcloud:/var/www/html environment: - VIRTUAL_HOST= @@ -57,7 +55,9 @@ services: restart: always app: - image: nextcloud:fpm + build: app + env_file: + - db.env volumes: - nextcloud:/var/www/html restart: always @@ -66,17 +66,16 @@ services: image: mariadb volumes: - db:/var/lib/mysql + env_file: + - db.env environment: - MYSQL_ROOT_PASSWORD= - - MYSQL_DATABASE=nextcloud - - MYSQL_USER=nextcloud - - MYSQL_PASSWORD= restart: always redis: image: redis restart: always - + collabora: image: collabora/code cap_add: diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/fpm/proxy/Dockerfile new file mode 100644 index 00000000..242c84e1 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/proxy/Dockerfile @@ -0,0 +1,3 @@ +FROM jwilder/nginx-proxy:alpine + +COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/fpm/proxy/uploadsize.conf similarity index 100% rename from .examples/docker-compose/with-nginx-proxy/fpm/uploadsize.conf rename to .examples/docker-compose/with-nginx-proxy/fpm/proxy/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/web/Dockerfile b/.examples/docker-compose/with-nginx-proxy/fpm/web/Dockerfile new file mode 100644 index 00000000..d6eac3e8 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/fpm/web/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx + +COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/nginx.conf b/.examples/docker-compose/with-nginx-proxy/fpm/web/nginx.conf similarity index 100% rename from .examples/docker-compose/with-nginx-proxy/fpm/nginx.conf rename to .examples/docker-compose/with-nginx-proxy/fpm/web/nginx.conf From 8ac5a78cf02a197d302a906fadbcd1ae07aae9d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Br=C3=BCckner?= Date: Wed, 16 Aug 2017 18:01:14 +0200 Subject: [PATCH 13/25] started Readme --- .examples/Readme.md | 49 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .examples/Readme.md diff --git a/.examples/Readme.md b/.examples/Readme.md new file mode 100644 index 00000000..c24b6f4c --- /dev/null +++ b/.examples/Readme.md @@ -0,0 +1,49 @@ +# Examples section + +In this subfolders are some examples how to use the docker image. There are two sections: + + * [`dockerfiles`](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles) + * [`docker-compose`] (https://github.com/nextcloud/docker/tree/master/.examples/docker-compose) + +The `dockerfiles` are derived images, that add or alter certain functionalities of the default docker images. In the `docker-compose` subfolder are examples for deployment of the application, including database, redis, collabora and other services. + +## Dockerfiles +The Dockerfiles use the default images as base image an build on top of it. + + +Example | Description +------- | ------- +[cron]() | uses supervisord to run the cron job inside the container (so no extra container is needed). +[imap]() | adds dependency to authentificate user via imap +[smb]() | adds dependency to use smb shares + + + + + +## docker-compose +In docker-compose examples additional services are added to create a complete nextcloud installation. The examples are designed to run out-of-the-box. +Before running the examples you have to open the `db.env` and docker-compose file and fill in appropriate passwords and your domain name(s). + + +**TODO: ADD INSECURE DESCRIPTION** + + +### with-nginx-proxy +The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine. +The advantage in adding this additional layer is the combination with a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling. +This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) gives you fully automated https encryption of your nextcloud installation without worrying about certificate generation, validation or renewal. + +To use this example complete the following steps: + +1. open docker-compose.yml + a. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=` + b. enter a valid email behind `LETSENCRYPT_EMAIL` + c. choose a root password for the database behin `MYSQL_ROOT_PASSWORD=` + d. enter your collabora domain behind `domain=` +2. choose a password for the database user nextcloud in `db.env`behind `MYSQL_PASSWORD` +3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles +4. start nextcloud with `docker-compose up -d` + + +If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4. From b9dbc29039421d34aaf2890b8ccc1c521dbbbc00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Br=C3=BCckner?= Date: Wed, 16 Aug 2017 18:05:22 +0200 Subject: [PATCH 14/25] Few typos --- .examples/Readme.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.examples/Readme.md b/.examples/Readme.md index c24b6f4c..437034ca 100644 --- a/.examples/Readme.md +++ b/.examples/Readme.md @@ -3,12 +3,12 @@ In this subfolders are some examples how to use the docker image. There are two sections: * [`dockerfiles`](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles) - * [`docker-compose`] (https://github.com/nextcloud/docker/tree/master/.examples/docker-compose) + * [`docker-compose`](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose) The `dockerfiles` are derived images, that add or alter certain functionalities of the default docker images. In the `docker-compose` subfolder are examples for deployment of the application, including database, redis, collabora and other services. ## Dockerfiles -The Dockerfiles use the default images as base image an build on top of it. +The Dockerfiles use the default images as base image and build on top of it. Example | Description @@ -22,8 +22,8 @@ Example | Description ## docker-compose -In docker-compose examples additional services are added to create a complete nextcloud installation. The examples are designed to run out-of-the-box. -Before running the examples you have to open the `db.env` and docker-compose file and fill in appropriate passwords and your domain name(s). +In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box. +Before running the examples you have to modify the `db.env` and `docker-compose` file and fill in your custum information. **TODO: ADD INSECURE DESCRIPTION** @@ -31,8 +31,8 @@ Before running the examples you have to open the `db.env` and docker-compose fil ### with-nginx-proxy The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine. -The advantage in adding this additional layer is the combination with a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling. -This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) gives you fully automated https encryption of your nextcloud installation without worrying about certificate generation, validation or renewal. +The advantage in adding this layer is the ability to add a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling. +This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal. To use this example complete the following steps: From 1d89df6da723fd42f33d90a5480dad0a61943021 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Br=C3=BCckner?= Date: Wed, 16 Aug 2017 18:07:16 +0200 Subject: [PATCH 15/25] List formatting --- .examples/Readme.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.examples/Readme.md b/.examples/Readme.md index 437034ca..3268d8e1 100644 --- a/.examples/Readme.md +++ b/.examples/Readme.md @@ -37,10 +37,10 @@ This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-p To use this example complete the following steps: 1. open docker-compose.yml - a. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=` - b. enter a valid email behind `LETSENCRYPT_EMAIL` - c. choose a root password for the database behin `MYSQL_ROOT_PASSWORD=` - d. enter your collabora domain behind `domain=` + 1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=` + 2. enter a valid email behind `LETSENCRYPT_EMAIL` + 3. choose a root password for the database behin `MYSQL_ROOT_PASSWORD=` + 4. enter your collabora domain behind `domain=` 2. choose a password for the database user nextcloud in `db.env`behind `MYSQL_PASSWORD` 3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles 4. start nextcloud with `docker-compose up -d` From d14e45155a29e5b662512b2ef5db6cfac4cfef79 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Wed, 16 Aug 2017 18:25:16 +0200 Subject: [PATCH 16/25] Fix Typos --- .examples/{Readme.md => README.md} | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) rename .examples/{Readme.md => README.md} (88%) diff --git a/.examples/Readme.md b/.examples/README.md similarity index 88% rename from .examples/Readme.md rename to .examples/README.md index 3268d8e1..d240499e 100644 --- a/.examples/Readme.md +++ b/.examples/README.md @@ -13,9 +13,9 @@ The Dockerfiles use the default images as base image and build on top of it. Example | Description ------- | ------- -[cron]() | uses supervisord to run the cron job inside the container (so no extra container is needed). -[imap]() | adds dependency to authentificate user via imap -[smb]() | adds dependency to use smb shares +[cron]() | uses supervisor to run the cron job inside the container (so no extra container is needed). +[imap]() | adds dependencies required to authenticate users via imap +[smb]() | adds dependencies required to use smb shares @@ -23,7 +23,7 @@ Example | Description ## docker-compose In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box. -Before running the examples you have to modify the `db.env` and `docker-compose` file and fill in your custum information. +Before running the examples you have to modify the `db.env` and `docker-compose` file and fill in your custom information. **TODO: ADD INSECURE DESCRIPTION** From c957bcd3e0167ce574ae03ef3c038bb12eb9894b Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Wed, 16 Aug 2017 18:34:01 +0200 Subject: [PATCH 17/25] Add links to Dockerfiles --- .examples/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.examples/README.md b/.examples/README.md index d240499e..c0a3f1d2 100644 --- a/.examples/README.md +++ b/.examples/README.md @@ -13,9 +13,9 @@ The Dockerfiles use the default images as base image and build on top of it. Example | Description ------- | ------- -[cron]() | uses supervisor to run the cron job inside the container (so no extra container is needed). -[imap]() | adds dependencies required to authenticate users via imap -[smb]() | adds dependencies required to use smb shares +[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed). +[imap](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/imap) | adds dependencies required to authenticate users via imap +[smb](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb) | adds dependencies required to use smb shares From e3e9b8f0e9784fd3aa67cf206cdb1b5ec24e4226 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Wed, 16 Aug 2017 18:37:32 +0200 Subject: [PATCH 18/25] Add file extension --- .examples/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.examples/README.md b/.examples/README.md index c0a3f1d2..0f861e83 100644 --- a/.examples/README.md +++ b/.examples/README.md @@ -23,7 +23,7 @@ Example | Description ## docker-compose In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box. -Before running the examples you have to modify the `db.env` and `docker-compose` file and fill in your custom information. +Before running the examples you have to modify the `db.env` and `docker-compose.yml` file and fill in your custom information. **TODO: ADD INSECURE DESCRIPTION** From 72c22b1a83ab63bd7137e9abe32350c303437180 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Br=C3=BCckner?= Date: Wed, 16 Aug 2017 23:24:14 +0200 Subject: [PATCH 19/25] additions --- .examples/README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.examples/README.md b/.examples/README.md index 0f861e83..4dff0e31 100644 --- a/.examples/README.md +++ b/.examples/README.md @@ -25,6 +25,8 @@ Example | Description In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box. Before running the examples you have to modify the `db.env` and `docker-compose.yml` file and fill in your custom information. +The docker-compose examples make heavily use of dereived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker-compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `docker-compose.yml` file. + **TODO: ADD INSECURE DESCRIPTION** @@ -36,12 +38,12 @@ This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-p To use this example complete the following steps: -1. open docker-compose.yml +1. open `docker-compose.yml` 1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=` - 2. enter a valid email behind `LETSENCRYPT_EMAIL` - 3. choose a root password for the database behin `MYSQL_ROOT_PASSWORD=` + 2. enter a valid email behind `LETSENCRYPT_EMAIL=` + 3. choose a root password for the database behind `MYSQL_ROOT_PASSWORD=` 4. enter your collabora domain behind `domain=` -2. choose a password for the database user nextcloud in `db.env`behind `MYSQL_PASSWORD` +2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` 3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles 4. start nextcloud with `docker-compose up -d` From 01dd1a93f155063cafff99e9014c74a9988f5009 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Wed, 16 Aug 2017 20:57:33 +0200 Subject: [PATCH 20/25] Add depends_on --- .../insecure/mariadb-cron-redis/apache/docker-compose.yml | 6 ++++++ .../insecure/mariadb-cron-redis/fpm/docker-compose.yml | 8 ++++++++ .../insecure/mariadb/apache/docker-compose.yml | 2 ++ .../insecure/mariadb/fpm/docker-compose.yml | 4 ++++ .../insecure/postgres/apache/docker-compose.yml | 2 ++ .../insecure/postgres/fpm/docker-compose.yml | 4 ++++ 6 files changed, 26 insertions(+) diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml index b5ba533e..8b85c4dd 100644 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml @@ -25,6 +25,9 @@ services: - nextcloud:/var/www/html env_file: - db.env + depends_on: + - db + - redis cron: build: ./app @@ -45,6 +48,9 @@ services: sleep 15m done EOF' + depends_on: + - db + - redis volumes: db: diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml index f9a663c3..d595531e 100644 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml @@ -23,6 +23,9 @@ services: - nextcloud:/var/www/html env_file: - db.env + depends_on: + - db + - redis web: build: ./web @@ -31,6 +34,8 @@ services: - 8080:80 volumes: - nextcloud:/var/www/html:ro + depends_on: + - app cron: build: ./app @@ -51,6 +56,9 @@ services: sleep 15m done EOF' + depends_on: + - db + - redis volumes: db: diff --git a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml index 475032ce..13a910fa 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml @@ -21,6 +21,8 @@ services: - nextcloud:/var/www/html env_file: - db.env + depends_on: + - db volumes: db: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml index 4bd01822..e0c4a2ee 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml @@ -19,6 +19,8 @@ services: - nextcloud:/var/www/html env_file: - db.env + depends_on: + - db web: build: ./web @@ -27,6 +29,8 @@ services: - 8080:80 volumes: - nextcloud:/var/www/html:ro + depends_on: + - app volumes: db: diff --git a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml index bfadd603..3043a59f 100644 --- a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml @@ -18,6 +18,8 @@ services: - nextcloud:/var/www/html env_file: - db.env + depends_on: + - db volumes: db: diff --git a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml index 85f24587..4df0a790 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml @@ -16,6 +16,8 @@ services: - nextcloud:/var/www/html env_file: - db.env + depends_on: + - db web: build: ./web @@ -24,6 +26,8 @@ services: - 8080:80 volumes: - nextcloud:/var/www/html:ro + depends_on: + - app volumes: db: From 4fbd273cb0a088b070a61411084ede9a80a9679b Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Fri, 25 Aug 2017 17:18:25 +0200 Subject: [PATCH 21/25] Add more examples with proxy --- .../with-nginx-proxy/apache/app/redis.php | 11 -- .../with-nginx-proxy/fpm/app/redis.php | 11 -- .../with-nginx-proxy/fpm/web/nginx.conf | 110 ------------- .../mariadb-cron-redis/apache/app/Dockerfile | 5 + .../apache/app/autoconfig.php | 0 .../apache/app/redis.config.php | 8 + .../{ => mariadb-cron-redis}/apache/db.env | 0 .../apache/docker-compose.yml | 100 ++++++++++++ .../apache/proxy/Dockerfile | 0 .../apache/proxy/uploadsize.conf | 0 .../mariadb-cron-redis/fpm/app/Dockerfile | 5 + .../fpm/app/autoconfig.php | 0 .../fpm/app/redis.config.php | 8 + .../{ => mariadb-cron-redis}/fpm/db.env | 0 .../mariadb-cron-redis/fpm/docker-compose.yml | 108 ++++++++++++ .../fpm/proxy/Dockerfile | 0 .../fpm/proxy/uploadsize.conf | 0 .../fpm/web/Dockerfile | 0 .../mariadb-cron-redis/fpm/web/nginx.conf | 154 ++++++++++++++++++ .../{ => mariadb}/apache/app/Dockerfile | 1 - .../mariadb/apache/app/autoconfig.php | 10 ++ .../with-nginx-proxy/mariadb/apache/db.env | 3 + .../{ => mariadb}/apache/docker-compose.yml | 121 +++++++------- .../mariadb/apache/proxy/Dockerfile | 3 + .../mariadb/apache/proxy/uploadsize.conf | 1 + .../{ => mariadb}/fpm/app/Dockerfile | 1 - .../mariadb/fpm/app/autoconfig.php | 10 ++ .../with-nginx-proxy/mariadb/fpm/db.env | 3 + .../{ => mariadb}/fpm/docker-compose.yml | 125 +++++++------- .../mariadb/fpm/proxy/Dockerfile | 3 + .../mariadb/fpm/proxy/uploadsize.conf | 1 + .../mariadb/fpm/web/Dockerfile | 3 + .../mariadb/fpm/web/nginx.conf | 154 ++++++++++++++++++ .../postgres/apache/app/Dockerfile | 3 + .../postgres/apache/app/autoconfig.php | 10 ++ .../with-nginx-proxy/postgres/apache/db.env | 3 + .../postgres/apache/docker-compose.yml | 69 ++++++++ .../postgres/apache/proxy/Dockerfile | 3 + .../postgres/apache/proxy/uploadsize.conf | 1 + .../postgres/fpm/app/Dockerfile | 3 + .../postgres/fpm/app/autoconfig.php | 10 ++ .../with-nginx-proxy/postgres/fpm/db.env | 3 + .../postgres/fpm/docker-compose.yml | 78 +++++++++ .../postgres/fpm/proxy/Dockerfile | 3 + .../postgres/fpm/proxy/uploadsize.conf | 1 + .../postgres/fpm/web/Dockerfile | 3 + .../postgres/fpm/web/nginx.conf | 154 ++++++++++++++++++ 47 files changed, 1040 insertions(+), 263 deletions(-) delete mode 100644 .examples/docker-compose/with-nginx-proxy/apache/app/redis.php delete mode 100644 .examples/docker-compose/with-nginx-proxy/fpm/app/redis.php delete mode 100644 .examples/docker-compose/with-nginx-proxy/fpm/web/nginx.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile rename .examples/docker-compose/with-nginx-proxy/{ => mariadb-cron-redis}/apache/app/autoconfig.php (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php rename .examples/docker-compose/with-nginx-proxy/{ => mariadb-cron-redis}/apache/db.env (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml rename .examples/docker-compose/with-nginx-proxy/{ => mariadb-cron-redis}/apache/proxy/Dockerfile (100%) rename .examples/docker-compose/with-nginx-proxy/{ => mariadb-cron-redis}/apache/proxy/uploadsize.conf (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile rename .examples/docker-compose/with-nginx-proxy/{ => mariadb-cron-redis}/fpm/app/autoconfig.php (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/redis.config.php rename .examples/docker-compose/with-nginx-proxy/{ => mariadb-cron-redis}/fpm/db.env (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml rename .examples/docker-compose/with-nginx-proxy/{ => mariadb-cron-redis}/fpm/proxy/Dockerfile (100%) rename .examples/docker-compose/with-nginx-proxy/{ => mariadb-cron-redis}/fpm/proxy/uploadsize.conf (100%) rename .examples/docker-compose/with-nginx-proxy/{ => mariadb-cron-redis}/fpm/web/Dockerfile (100%) create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf rename .examples/docker-compose/with-nginx-proxy/{ => mariadb}/apache/app/Dockerfile (62%) create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/apache/app/autoconfig.php create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/apache/db.env rename .examples/docker-compose/with-nginx-proxy/{ => mariadb}/apache/docker-compose.yml (78%) create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf rename .examples/docker-compose/with-nginx-proxy/{ => mariadb}/fpm/app/Dockerfile (61%) create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/autoconfig.php create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/fpm/db.env rename .examples/docker-compose/with-nginx-proxy/{ => mariadb}/fpm/docker-compose.yml (76%) create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile create mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/apache/app/Dockerfile create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/apache/app/autoconfig.php create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/apache/db.env create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/app/Dockerfile create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/app/autoconfig.php create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/db.env create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile create mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf diff --git a/.examples/docker-compose/with-nginx-proxy/apache/app/redis.php b/.examples/docker-compose/with-nginx-proxy/apache/app/redis.php deleted file mode 100644 index 9f8b5d2b..00000000 --- a/.examples/docker-compose/with-nginx-proxy/apache/app/redis.php +++ /dev/null @@ -1,11 +0,0 @@ - '\\OC\\Memcache\\Redis', - 'filelocking.enabled' => 'true', - 'redis' => - array ( - 'host' => 'redis', - 'port' => 6379, - ), -); -?> diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/app/redis.php b/.examples/docker-compose/with-nginx-proxy/fpm/app/redis.php deleted file mode 100644 index 9f8b5d2b..00000000 --- a/.examples/docker-compose/with-nginx-proxy/fpm/app/redis.php +++ /dev/null @@ -1,11 +0,0 @@ - '\\OC\\Memcache\\Redis', - 'filelocking.enabled' => 'true', - 'redis' => - array ( - 'host' => 'redis', - 'port' => 6379, - ), -); -?> diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/fpm/web/nginx.conf deleted file mode 100644 index 40b0975a..00000000 --- a/.examples/docker-compose/with-nginx-proxy/fpm/web/nginx.conf +++ /dev/null @@ -1,110 +0,0 @@ -user www-data; - -events { - worker_connections 768; -} - -http { - upstream backend { - server app:9000; - } - include /etc/nginx/mime.types; - default_type application/octet-stream; - - server { - listen 80; - - # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - - root /var/www/html; - client_max_body_size 10G; # 0=unlimited - set max upload size - fastcgi_buffers 64 4K; - - gzip off; - - index index.php; - error_page 403 /core/templates/403.php; - error_page 404 /core/templates/404.php; - - rewrite ^/.well-known/carddav /remote.php/dav/ permanent; - rewrite ^/.well-known/caldav /remote.php/dav/ permanent; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ { - deny all; - } - - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location / { - rewrite ^/remote/(.*) /remote.php last; - rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; - try_files $uri $uri/ =404; - } - - location ~ \.php(?:$|/) { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice - fastcgi_pass backend; - fastcgi_intercept_errors on; - } - - # Adding the cache control header for js and css files - # Make sure it is BELOW the location ~ \.php(?:$|/) { block - location ~* \.(?:css|js)$ { - add_header Cache-Control "public, max-age=7200"; - # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; - add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - # Optional: Don't log access to assets - access_log off; - } - - # Optional: Don't log access to other assets - location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { - access_log off; - } - - # collabora static files - location ^~ /loleaflet { - proxy_pass https://collabora:9980; - proxy_set_header Host $http_host; - } - - # collabora WOPI discovery URL - location ^~ /hosting/discovery { - proxy_pass https://collabora:9980; - proxy_set_header Host $http_host; - } - - # collabora websockets, download, presentation and image upload - location ^~ /lool { - proxy_pass https://collabora:9980; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $http_host; - } - } -} diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile new file mode 100644 index 00000000..00598dd4 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile @@ -0,0 +1,5 @@ +FROM nextcloud:apache + +COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php + +COPY redis.config.php /usr/src/nextcloud/config/redis.config.php diff --git a/.examples/docker-compose/with-nginx-proxy/apache/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/autoconfig.php similarity index 100% rename from .examples/docker-compose/with-nginx-proxy/apache/app/autoconfig.php rename to .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/autoconfig.php diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php new file mode 100644 index 00000000..b0cebe31 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php @@ -0,0 +1,8 @@ + '\OC\Memcache\Redis', + 'redis' => array( + 'host' => 'redis', + 'port' => 6379, + ), +); diff --git a/.examples/docker-compose/with-nginx-proxy/apache/db.env b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env similarity index 100% rename from .examples/docker-compose/with-nginx-proxy/apache/db.env rename to .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml new file mode 100644 index 00000000..80e32998 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml @@ -0,0 +1,100 @@ +version: '3' + +services: + db: + image: mariadb + # image: mysql + restart: always + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + env_file: + - db.env + + redis: + image: redis + restart: always + + app: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + environment: + - VIRTUAL_HOST= + - LETSENCRYPT_HOST= + - LETSENCRYPT_EMAIL= + env_file: + - db.env + depends_on: + - db + - redis + networks: + - proxy-tier + - default + + cron: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + user: www-data + entrypoint: | + bash -c 'bash -s < '\OC\Memcache\Redis', + 'redis' => array( + 'host' => 'redis', + 'port' => 6379, + ), +); diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/db.env b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env similarity index 100% rename from .examples/docker-compose/with-nginx-proxy/fpm/db.env rename to .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml new file mode 100644 index 00000000..e1c3a17e --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml @@ -0,0 +1,108 @@ +version: '3' + +services: + db: + image: mariadb + # image: mysql + restart: always + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + env_file: + - db.env + + redis: + image: redis + restart: always + + app: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + env_file: + - db.env + depends_on: + - db + - redis + + web: + build: ./web + restart: always + volumes: + - nextcloud:/var/www/html:ro + environment: + - VIRTUAL_HOST= + - LETSENCRYPT_HOST= + - LETSENCRYPT_EMAIL= + depends_on: + - app + networks: + - proxy-tier + - default + + cron: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + user: www-data + entrypoint: | + bash -c 'bash -s < '/var/www/html/data', + 'dbtype' => 'mysql', + 'dbname' => getenv('MYSQL_DATABASE'), + 'dbuser' => getenv('MYSQL_USER'), + 'dbpass' => getenv('MYSQL_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/db.env b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/db.env new file mode 100644 index 00000000..a4366057 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/db.env @@ -0,0 +1,3 @@ +MYSQL_PASSWORD= +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml similarity index 78% rename from .examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml rename to .examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml index ab550245..264a9edb 100644 --- a/.examples/docker-compose/with-nginx-proxy/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml @@ -1,79 +1,72 @@ version: '3' -volumes: - certs: - conf.d: - vhost.d: - html: - nextcloud: - db: - -networks: - proxy-tier: - services: - proxy: - build: proxy - ports: - - 80:80 - - 443:443 - volumes: - - conf.d:/etc/nginx/conf.d - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - certs:/etc/nginx/certs:ro - - /var/run/docker.sock:/tmp/docker.sock:ro - networks: - - proxy-tier - labels: - - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy - restart: always - - letsencrypt-companion: - image: jrcs/letsencrypt-nginx-proxy-companion - volumes: - - conf.d:/etc/nginx/conf.d - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - certs:/etc/nginx/certs:rw - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - proxy-tier - restart: always - - app: - build: app - volumes: - - nextcloud:/var/www/html - env_file: - - db.env - environment: - - VIRTUAL_HOST= - - LETSENCRYPT_HOST= - - LETSENCRYPT_EMAIL= - networks: - - proxy-tier - - default - restart: always - db: image: mariadb + # image: mysql + restart: always volumes: - db:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD= env_file: - db.env - restart: always - redis: - image: redis + app: + build: ./app restart: always - - collabora: - image: collabora/code - cap_add: - - MKNOD + volumes: + - nextcloud:/var/www/html environment: - - domain= + - VIRTUAL_HOST= + - LETSENCRYPT_HOST= + - LETSENCRYPT_EMAIL= + env_file: + - db.env + depends_on: + - db + networks: + - proxy-tier + - default + + proxy: + build: ./proxy restart: always + ports: + - 80:80 + - 443:443 + labels: + com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" + volumes: + - certs:/etc/nginx/certs:ro + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - /var/run/docker.sock:/tmp/docker.sock:ro + networks: + - proxy-tier + + letsencrypt-companion: + image: jrcs/letsencrypt-nginx-proxy-companion + restart: always + volumes: + - certs:/etc/nginx/certs + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - proxy-tier + depends_on: + - proxy + +volumes: + db: + nextcloud: + certs: + conf.d: + vhost.d: + html: + +networks: + proxy-tier: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile new file mode 100644 index 00000000..242c84e1 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile @@ -0,0 +1,3 @@ +FROM jwilder/nginx-proxy:alpine + +COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf new file mode 100644 index 00000000..8c1bc580 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf @@ -0,0 +1 @@ +client_max_body_size 10g; diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/Dockerfile similarity index 61% rename from .examples/docker-compose/with-nginx-proxy/fpm/app/Dockerfile rename to .examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/Dockerfile index dfd3c8c8..d1d1f807 100644 --- a/.examples/docker-compose/with-nginx-proxy/fpm/app/Dockerfile +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/Dockerfile @@ -1,4 +1,3 @@ FROM nextcloud:fpm COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php -COPY redis.php /usr/src/nextcloud/config/redis.php diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/autoconfig.php new file mode 100644 index 00000000..ea7004e9 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/autoconfig.php @@ -0,0 +1,10 @@ + '/var/www/html/data', + 'dbtype' => 'mysql', + 'dbname' => getenv('MYSQL_DATABASE'), + 'dbuser' => getenv('MYSQL_USER'), + 'dbpass' => getenv('MYSQL_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/db.env b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/db.env new file mode 100644 index 00000000..a4366057 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/db.env @@ -0,0 +1,3 @@ +MYSQL_PASSWORD= +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml similarity index 76% rename from .examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml rename to .examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml index bbe5ec32..35cdd33a 100644 --- a/.examples/docker-compose/with-nginx-proxy/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml @@ -1,85 +1,80 @@ version: '3' -volumes: - certs: - conf.d: - vhost.d: - html: - nextcloud: - db: - -networks: - proxy-tier: - services: - proxy: - build: proxy - ports: - - 80:80 - - 443:443 - volumes: - - conf.d:/etc/nginx/conf.d - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - certs:/etc/nginx/certs:ro - - /var/run/docker.sock:/tmp/docker.sock:ro - networks: - - proxy-tier - labels: - - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy + db: + image: mariadb + # image: mysql restart: always - - letsencrypt-companion: - image: jrcs/letsencrypt-nginx-proxy-companion volumes: - - conf.d:/etc/nginx/conf.d - - vhost.d:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - certs:/etc/nginx/certs:rw - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - proxy-tier - restart: always + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD= + env_file: + - db.env - web: - build: web + app: + build: ./app + restart: always volumes: - nextcloud:/var/www/html + env_file: + - db.env + depends_on: + - db + + web: + build: ./web + restart: always + volumes: + - nextcloud:/var/www/html:ro environment: - VIRTUAL_HOST= - LETSENCRYPT_HOST= - LETSENCRYPT_EMAIL= + depends_on: + - app networks: - proxy-tier - default - restart: always - app: - build: app - env_file: - - db.env + proxy: + build: ./proxy + restart: always + ports: + - 80:80 + - 443:443 + labels: + com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" volumes: - - nextcloud:/var/www/html - restart: always + - certs:/etc/nginx/certs:ro + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - /var/run/docker.sock:/tmp/docker.sock:ro + networks: + - proxy-tier + letsencrypt-companion: + image: jrcs/letsencrypt-nginx-proxy-companion + restart: always + volumes: + - certs:/etc/nginx/certs + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - proxy-tier + depends_on: + - proxy + +volumes: db: - image: mariadb - volumes: - - db:/var/lib/mysql - env_file: - - db.env - environment: - - MYSQL_ROOT_PASSWORD= - restart: always + nextcloud: + certs: + conf.d: + vhost.d: + html: - redis: - image: redis - restart: always - - collabora: - image: collabora/code - cap_add: - - MKNOD - environment: - - domain= - restart: always +networks: + proxy-tier: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile new file mode 100644 index 00000000..242c84e1 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile @@ -0,0 +1,3 @@ +FROM jwilder/nginx-proxy:alpine + +COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf new file mode 100644 index 00000000..8c1bc580 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf @@ -0,0 +1 @@ +client_max_body_size 10g; diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile new file mode 100644 index 00000000..d6eac3e8 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx + +COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf new file mode 100644 index 00000000..c23a7707 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -0,0 +1,154 @@ +user www-data; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + upstream php-handler { + server app:9000; + } + + server { + listen 80; + + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + root /var/www/html; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # The following 2 rules are only needed for the user_webfinger app. + # Uncomment it if you're planning to use this app. + #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json + # last; + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + # set max upload size + client_max_body_size 512M; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Uncomment if your server is build with the ngx_pagespeed module + # This module is currently not supported. + #pagespeed off; + + location / { + rewrite ^ /index.php$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + # fastcgi_param HTTPS on; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff|svg|gif)$ { + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=15778463"; + # Add headers to serve security related headers (It is intended to + # have those duplicated to the ones above) + # Before enabling Strict-Transport-Security headers please read into + # this topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets + access_log off; + } + + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + try_files $uri /index.php$uri$is_args$args; + # Optional: Don't log access to other assets + access_log off; + } + } + +} diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/Dockerfile new file mode 100644 index 00000000..8c03a7c8 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/Dockerfile @@ -0,0 +1,3 @@ +FROM nextcloud:apache + +COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/autoconfig.php new file mode 100644 index 00000000..3ac9f944 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/autoconfig.php @@ -0,0 +1,10 @@ + '/var/www/html/data', + 'dbtype' => 'pgsql', + 'dbname' => getenv('POSTGRES_DB'), + 'dbuser' => getenv('POSTGRES_USER'), + 'dbpass' => getenv('POSTGRES_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/db.env b/.examples/docker-compose/with-nginx-proxy/postgres/apache/db.env new file mode 100644 index 00000000..41106cab --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/db.env @@ -0,0 +1,3 @@ +POSTGRES_PASSWORD= +POSTGRES_DB=nextcloud +POSTGRES_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml new file mode 100644 index 00000000..c1a992da --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml @@ -0,0 +1,69 @@ +version: '3' + +services: + db: + image: postgres + restart: always + volumes: + - db:/var/lib/postgresql/data + env_file: + - db.env + + app: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + environment: + - VIRTUAL_HOST= + - LETSENCRYPT_HOST= + - LETSENCRYPT_EMAIL= + env_file: + - db.env + depends_on: + - db + networks: + - proxy-tier + - default + + proxy: + build: ./proxy + restart: always + ports: + - 80:80 + - 443:443 + labels: + com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" + volumes: + - certs:/etc/nginx/certs:ro + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - /var/run/docker.sock:/tmp/docker.sock:ro + networks: + - proxy-tier + + letsencrypt-companion: + image: jrcs/letsencrypt-nginx-proxy-companion + restart: always + volumes: + - certs:/etc/nginx/certs + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - proxy-tier + depends_on: + - proxy + +volumes: + db: + nextcloud: + certs: + conf.d: + vhost.d: + html: + +networks: + proxy-tier: diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile new file mode 100644 index 00000000..242c84e1 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile @@ -0,0 +1,3 @@ +FROM jwilder/nginx-proxy:alpine + +COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf new file mode 100644 index 00000000..8c1bc580 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf @@ -0,0 +1 @@ +client_max_body_size 10g; diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/Dockerfile new file mode 100644 index 00000000..d1d1f807 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/Dockerfile @@ -0,0 +1,3 @@ +FROM nextcloud:fpm + +COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/autoconfig.php new file mode 100644 index 00000000..3ac9f944 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/autoconfig.php @@ -0,0 +1,10 @@ + '/var/www/html/data', + 'dbtype' => 'pgsql', + 'dbname' => getenv('POSTGRES_DB'), + 'dbuser' => getenv('POSTGRES_USER'), + 'dbpass' => getenv('POSTGRES_PASSWORD'), + 'dbhost' => 'db', + 'dbtableprefix' => '', +); diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/db.env b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/db.env new file mode 100644 index 00000000..41106cab --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/db.env @@ -0,0 +1,3 @@ +POSTGRES_PASSWORD= +POSTGRES_DB=nextcloud +POSTGRES_USER=nextcloud diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml new file mode 100644 index 00000000..117f8e7b --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml @@ -0,0 +1,78 @@ +version: '3' + +services: + db: + image: postgres + restart: always + volumes: + - db:/var/lib/postgresql/data + env_file: + - db.env + + app: + build: ./app + restart: always + volumes: + - nextcloud:/var/www/html + env_file: + - db.env + depends_on: + - db + + web: + build: ./web + restart: always + volumes: + - nextcloud:/var/www/html:ro + environment: + - VIRTUAL_HOST= + - LETSENCRYPT_HOST= + - LETSENCRYPT_EMAIL= + depends_on: + - app + networks: + - proxy-tier + - default + + proxy: + build: ./proxy + restart: always + ports: + - 80:80 + - 443:443 + labels: + com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" + volumes: + - certs:/etc/nginx/certs:ro + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - /var/run/docker.sock:/tmp/docker.sock:ro + networks: + - proxy-tier + + letsencrypt-companion: + image: jrcs/letsencrypt-nginx-proxy-companion + restart: always + volumes: + - certs:/etc/nginx/certs + - conf.d:/etc/nginx/conf.d + - vhost.d:/etc/nginx/vhost.d + - html:/usr/share/nginx/html + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - proxy-tier + depends_on: + - proxy + +volumes: + db: + nextcloud: + certs: + conf.d: + vhost.d: + html: + +networks: + proxy-tier: + diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile new file mode 100644 index 00000000..242c84e1 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile @@ -0,0 +1,3 @@ +FROM jwilder/nginx-proxy:alpine + +COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf new file mode 100644 index 00000000..8c1bc580 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf @@ -0,0 +1 @@ +client_max_body_size 10g; diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile new file mode 100644 index 00000000..d6eac3e8 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx + +COPY nginx.conf /etc/nginx/nginx.conf diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf new file mode 100644 index 00000000..c23a7707 --- /dev/null +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -0,0 +1,154 @@ +user www-data; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + upstream php-handler { + server app:9000; + } + + server { + listen 80; + + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + root /var/www/html; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # The following 2 rules are only needed for the user_webfinger app. + # Uncomment it if you're planning to use this app. + #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json + # last; + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + # set max upload size + client_max_body_size 512M; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Uncomment if your server is build with the ngx_pagespeed module + # This module is currently not supported. + #pagespeed off; + + location / { + rewrite ^ /index.php$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + # fastcgi_param HTTPS on; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff|svg|gif)$ { + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=15778463"; + # Add headers to serve security related headers (It is intended to + # have those duplicated to the ones above) + # Before enabling Strict-Transport-Security headers please read into + # this topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets + access_log off; + } + + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + try_files $uri /index.php$uri$is_args$args; + # Optional: Don't log access to other assets + access_log off; + } + } + +} From 0548adf1c1055e4d06fd9f219399215ea32e65c9 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Tue, 5 Sep 2017 23:41:20 +0200 Subject: [PATCH 22/25] Use autoconfig.php provided by the image --- .../insecure/mariadb-cron-redis/apache/app/Dockerfile | 2 -- .../mariadb-cron-redis/apache/app/autoconfig.php | 10 ---------- .../mariadb-cron-redis/apache/docker-compose.yml | 2 ++ .../insecure/mariadb-cron-redis/fpm/app/Dockerfile | 2 -- .../insecure/mariadb-cron-redis/fpm/app/autoconfig.php | 10 ---------- .../insecure/mariadb-cron-redis/fpm/docker-compose.yml | 2 ++ .../insecure/mariadb/apache/app/Dockerfile | 3 --- .../insecure/mariadb/apache/app/autoconfig.php | 10 ---------- .../insecure/mariadb/apache/docker-compose.yml | 4 +++- .../docker-compose/insecure/mariadb/fpm/app/Dockerfile | 3 --- .../insecure/mariadb/fpm/app/autoconfig.php | 10 ---------- .../insecure/mariadb/fpm/docker-compose.yml | 4 +++- .../insecure/postgres/apache/app/Dockerfile | 3 --- .../insecure/postgres/apache/app/autoconfig.php | 10 ---------- .../insecure/postgres/apache/docker-compose.yml | 4 +++- .../insecure/postgres/fpm/app/Dockerfile | 3 --- .../insecure/postgres/fpm/app/autoconfig.php | 10 ---------- .../insecure/postgres/fpm/docker-compose.yml | 4 +++- .../mariadb-cron-redis/apache/app/Dockerfile | 2 -- .../mariadb-cron-redis/apache/app/autoconfig.php | 10 ---------- .../mariadb-cron-redis/apache/docker-compose.yml | 2 ++ .../mariadb-cron-redis/fpm/app/Dockerfile | 2 -- .../mariadb-cron-redis/fpm/app/autoconfig.php | 10 ---------- .../mariadb-cron-redis/fpm/docker-compose.yml | 2 ++ .../with-nginx-proxy/mariadb/apache/app/Dockerfile | 3 --- .../with-nginx-proxy/mariadb/apache/app/autoconfig.php | 10 ---------- .../with-nginx-proxy/mariadb/apache/docker-compose.yml | 4 +++- .../with-nginx-proxy/mariadb/fpm/app/Dockerfile | 3 --- .../with-nginx-proxy/mariadb/fpm/app/autoconfig.php | 10 ---------- .../with-nginx-proxy/mariadb/fpm/docker-compose.yml | 4 +++- .../with-nginx-proxy/postgres/apache/app/Dockerfile | 3 --- .../postgres/apache/app/autoconfig.php | 10 ---------- .../postgres/apache/docker-compose.yml | 4 +++- .../with-nginx-proxy/postgres/fpm/app/Dockerfile | 3 --- .../with-nginx-proxy/postgres/fpm/app/autoconfig.php | 10 ---------- .../with-nginx-proxy/postgres/fpm/docker-compose.yml | 4 +++- 36 files changed, 32 insertions(+), 160 deletions(-) delete mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/apache/app/autoconfig.php delete mode 100644 .examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/autoconfig.php delete mode 100644 .examples/docker-compose/insecure/mariadb/apache/app/Dockerfile delete mode 100644 .examples/docker-compose/insecure/mariadb/apache/app/autoconfig.php delete mode 100644 .examples/docker-compose/insecure/mariadb/fpm/app/Dockerfile delete mode 100644 .examples/docker-compose/insecure/mariadb/fpm/app/autoconfig.php delete mode 100644 .examples/docker-compose/insecure/postgres/apache/app/Dockerfile delete mode 100644 .examples/docker-compose/insecure/postgres/apache/app/autoconfig.php delete mode 100644 .examples/docker-compose/insecure/postgres/fpm/app/Dockerfile delete mode 100644 .examples/docker-compose/insecure/postgres/fpm/app/autoconfig.php delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/autoconfig.php delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/autoconfig.php delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/apache/app/Dockerfile delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/apache/app/autoconfig.php delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/Dockerfile delete mode 100644 .examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/autoconfig.php delete mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/apache/app/Dockerfile delete mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/apache/app/autoconfig.php delete mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/app/Dockerfile delete mode 100644 .examples/docker-compose/with-nginx-proxy/postgres/fpm/app/autoconfig.php diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile index 00598dd4..b55fb524 100644 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile @@ -1,5 +1,3 @@ FROM nextcloud:apache -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php - COPY redis.config.php /usr/src/nextcloud/config/redis.config.php diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/autoconfig.php b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/autoconfig.php deleted file mode 100644 index ea7004e9..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'mysql', - 'dbname' => getenv('MYSQL_DATABASE'), - 'dbuser' => getenv('MYSQL_USER'), - 'dbpass' => getenv('MYSQL_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml index 8b85c4dd..87760d6b 100644 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml @@ -23,6 +23,8 @@ services: - 8080:80 volumes: - nextcloud:/var/www/html + environment: + - MYSQL_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile index f9a41f56..4a111610 100644 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile @@ -1,5 +1,3 @@ FROM nextcloud:fpm -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php - COPY redis.config.php /usr/src/nextcloud/config/redis.config.php diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/autoconfig.php b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/autoconfig.php deleted file mode 100644 index ea7004e9..00000000 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'mysql', - 'dbname' => getenv('MYSQL_DATABASE'), - 'dbuser' => getenv('MYSQL_USER'), - 'dbpass' => getenv('MYSQL_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml index d595531e..f7b24473 100644 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml @@ -21,6 +21,8 @@ services: restart: always volumes: - nextcloud:/var/www/html + environment: + - MYSQL_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/insecure/mariadb/apache/app/Dockerfile b/.examples/docker-compose/insecure/mariadb/apache/app/Dockerfile deleted file mode 100644 index 8c03a7c8..00000000 --- a/.examples/docker-compose/insecure/mariadb/apache/app/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nextcloud:apache - -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/insecure/mariadb/apache/app/autoconfig.php b/.examples/docker-compose/insecure/mariadb/apache/app/autoconfig.php deleted file mode 100644 index ea7004e9..00000000 --- a/.examples/docker-compose/insecure/mariadb/apache/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'mysql', - 'dbname' => getenv('MYSQL_DATABASE'), - 'dbuser' => getenv('MYSQL_USER'), - 'dbpass' => getenv('MYSQL_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml index 13a910fa..4ea67755 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml @@ -13,12 +13,14 @@ services: - db.env app: - build: ./app + image: nextcloud:apache restart: always ports: - 8080:80 volumes: - nextcloud:/var/www/html + environment: + - MYSQL_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/app/Dockerfile b/.examples/docker-compose/insecure/mariadb/fpm/app/Dockerfile deleted file mode 100644 index d1d1f807..00000000 --- a/.examples/docker-compose/insecure/mariadb/fpm/app/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nextcloud:fpm - -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/insecure/mariadb/fpm/app/autoconfig.php b/.examples/docker-compose/insecure/mariadb/fpm/app/autoconfig.php deleted file mode 100644 index ea7004e9..00000000 --- a/.examples/docker-compose/insecure/mariadb/fpm/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'mysql', - 'dbname' => getenv('MYSQL_DATABASE'), - 'dbuser' => getenv('MYSQL_USER'), - 'dbpass' => getenv('MYSQL_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml index e0c4a2ee..dc3a8aaf 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml @@ -13,10 +13,12 @@ services: - db.env app: - build: ./app + image: nextcloud:fpm restart: always volumes: - nextcloud:/var/www/html + environment: + - MYSQL_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/insecure/postgres/apache/app/Dockerfile b/.examples/docker-compose/insecure/postgres/apache/app/Dockerfile deleted file mode 100644 index 8c03a7c8..00000000 --- a/.examples/docker-compose/insecure/postgres/apache/app/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nextcloud:apache - -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/insecure/postgres/apache/app/autoconfig.php b/.examples/docker-compose/insecure/postgres/apache/app/autoconfig.php deleted file mode 100644 index 3ac9f944..00000000 --- a/.examples/docker-compose/insecure/postgres/apache/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'pgsql', - 'dbname' => getenv('POSTGRES_DB'), - 'dbuser' => getenv('POSTGRES_USER'), - 'dbpass' => getenv('POSTGRES_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml index 3043a59f..8c4e8f4d 100644 --- a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml @@ -10,12 +10,14 @@ services: - db.env app: - build: ./app + image: nextcloud:apache restart: always ports: - 8080:80 volumes: - nextcloud:/var/www/html + environment: + - POSTGRES_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/insecure/postgres/fpm/app/Dockerfile b/.examples/docker-compose/insecure/postgres/fpm/app/Dockerfile deleted file mode 100644 index d1d1f807..00000000 --- a/.examples/docker-compose/insecure/postgres/fpm/app/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nextcloud:fpm - -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/insecure/postgres/fpm/app/autoconfig.php b/.examples/docker-compose/insecure/postgres/fpm/app/autoconfig.php deleted file mode 100644 index 3ac9f944..00000000 --- a/.examples/docker-compose/insecure/postgres/fpm/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'pgsql', - 'dbname' => getenv('POSTGRES_DB'), - 'dbuser' => getenv('POSTGRES_USER'), - 'dbpass' => getenv('POSTGRES_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml index 4df0a790..a64bfd5f 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml @@ -10,10 +10,12 @@ services: - db.env app: - build: ./app + image: nextcloud:fpm restart: always volumes: - nextcloud:/var/www/html + environment: + - POSTGRES_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile index 00598dd4..b55fb524 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile @@ -1,5 +1,3 @@ FROM nextcloud:apache -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php - COPY redis.config.php /usr/src/nextcloud/config/redis.config.php diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/autoconfig.php deleted file mode 100644 index ea7004e9..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'mysql', - 'dbname' => getenv('MYSQL_DATABASE'), - 'dbuser' => getenv('MYSQL_USER'), - 'dbpass' => getenv('MYSQL_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml index 80e32998..e01be64e 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml @@ -25,6 +25,8 @@ services: - VIRTUAL_HOST= - LETSENCRYPT_HOST= - LETSENCRYPT_EMAIL= + environment: + - MYSQL_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile index f9a41f56..4a111610 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile @@ -1,5 +1,3 @@ FROM nextcloud:fpm -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php - COPY redis.config.php /usr/src/nextcloud/config/redis.config.php diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/autoconfig.php deleted file mode 100644 index ea7004e9..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'mysql', - 'dbname' => getenv('MYSQL_DATABASE'), - 'dbuser' => getenv('MYSQL_USER'), - 'dbpass' => getenv('MYSQL_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml index e1c3a17e..8ed230ab 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml @@ -21,6 +21,8 @@ services: restart: always volumes: - nextcloud:/var/www/html + environment: + - MYSQL_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/app/Dockerfile deleted file mode 100644 index 8c03a7c8..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/app/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nextcloud:apache - -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/app/autoconfig.php deleted file mode 100644 index ea7004e9..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'mysql', - 'dbname' => getenv('MYSQL_DATABASE'), - 'dbuser' => getenv('MYSQL_USER'), - 'dbpass' => getenv('MYSQL_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml index 264a9edb..8617cf50 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml @@ -13,7 +13,7 @@ services: - db.env app: - build: ./app + image: nextcloud:apache restart: always volumes: - nextcloud:/var/www/html @@ -21,6 +21,8 @@ services: - VIRTUAL_HOST= - LETSENCRYPT_HOST= - LETSENCRYPT_EMAIL= + environment: + - MYSQL_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/Dockerfile deleted file mode 100644 index d1d1f807..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nextcloud:fpm - -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/autoconfig.php deleted file mode 100644 index ea7004e9..00000000 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'mysql', - 'dbname' => getenv('MYSQL_DATABASE'), - 'dbuser' => getenv('MYSQL_USER'), - 'dbpass' => getenv('MYSQL_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml index 35cdd33a..7417a665 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml @@ -13,10 +13,12 @@ services: - db.env app: - build: ./app + image: nextcloud:fpm restart: always volumes: - nextcloud:/var/www/html + environment: + - MYSQL_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/Dockerfile deleted file mode 100644 index 8c03a7c8..00000000 --- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nextcloud:apache - -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/autoconfig.php deleted file mode 100644 index 3ac9f944..00000000 --- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'pgsql', - 'dbname' => getenv('POSTGRES_DB'), - 'dbuser' => getenv('POSTGRES_USER'), - 'dbpass' => getenv('POSTGRES_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml index c1a992da..f2b37cf2 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml @@ -10,7 +10,7 @@ services: - db.env app: - build: ./app + image: nextcloud:apache restart: always volumes: - nextcloud:/var/www/html @@ -18,6 +18,8 @@ services: - VIRTUAL_HOST= - LETSENCRYPT_HOST= - LETSENCRYPT_EMAIL= + environment: + - POSTGRES_HOST=db env_file: - db.env depends_on: diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/Dockerfile b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/Dockerfile deleted file mode 100644 index d1d1f807..00000000 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM nextcloud:fpm - -COPY autoconfig.php /usr/src/nextcloud/config/autoconfig.php diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/autoconfig.php b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/autoconfig.php deleted file mode 100644 index 3ac9f944..00000000 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/app/autoconfig.php +++ /dev/null @@ -1,10 +0,0 @@ - '/var/www/html/data', - 'dbtype' => 'pgsql', - 'dbname' => getenv('POSTGRES_DB'), - 'dbuser' => getenv('POSTGRES_USER'), - 'dbpass' => getenv('POSTGRES_PASSWORD'), - 'dbhost' => 'db', - 'dbtableprefix' => '', -); diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml index 117f8e7b..d929502b 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml @@ -10,10 +10,12 @@ services: - db.env app: - build: ./app + image: nextcloud:fpm restart: always volumes: - nextcloud:/var/www/html + environment: + - POSTGRES_HOST=db env_file: - db.env depends_on: From eeb0d6a400bffd09e5e582eac302771a1947c57e Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Sun, 24 Sep 2017 14:36:51 +0200 Subject: [PATCH 23/25] Add insecure description --- .examples/README.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/.examples/README.md b/.examples/README.md index 4dff0e31..063cd134 100644 --- a/.examples/README.md +++ b/.examples/README.md @@ -28,7 +28,17 @@ Before running the examples you have to modify the `db.env` and `docker-compose. The docker-compose examples make heavily use of dereived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker-compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `docker-compose.yml` file. -**TODO: ADD INSECURE DESCRIPTION** +### insecure + +To use this example complete the following steps: + +1. if you use mariadb or mysql choose a root password for the database in `docker-compose.yml` behind `MYSQL_ROOT_PASSWORD=` +2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres) +3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles +4. start nextcloud with `docker-compose up -d` + + +If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4. ### with-nginx-proxy @@ -41,9 +51,8 @@ To use this example complete the following steps: 1. open `docker-compose.yml` 1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=` 2. enter a valid email behind `LETSENCRYPT_EMAIL=` - 3. choose a root password for the database behind `MYSQL_ROOT_PASSWORD=` - 4. enter your collabora domain behind `domain=` -2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` + 3. if you use mariadb or mysql choose a root password for the database behind `MYSQL_ROOT_PASSWORD=` +2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres) 3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles 4. start nextcloud with `docker-compose up -d` From 122e66ca7cb27791fd32dfb8713d0b2f084d30cb Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Sat, 30 Sep 2017 13:14:13 +0200 Subject: [PATCH 24/25] Set client_max_body_size to 10G --- .../insecure/mariadb-cron-redis/fpm/web/nginx.conf | 2 +- .examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf | 2 +- .examples/docker-compose/insecure/postgres/fpm/web/nginx.conf | 2 +- .../mariadb-cron-redis/apache/proxy/uploadsize.conf | 2 +- .../mariadb-cron-redis/fpm/proxy/uploadsize.conf | 2 +- .../with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf | 2 +- .../with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf | 2 +- .../with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf | 2 +- .../docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf | 2 +- .../with-nginx-proxy/postgres/apache/proxy/uploadsize.conf | 2 +- .../with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf | 2 +- .../docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf index c23a7707..0b6fb89b 100644 --- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf @@ -73,7 +73,7 @@ http { } # set max upload size - client_max_body_size 512M; + client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf index c23a7707..0b6fb89b 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf @@ -73,7 +73,7 @@ http { } # set max upload size - client_max_body_size 512M; + client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf index c23a7707..0b6fb89b 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf @@ -73,7 +73,7 @@ http { } # set max upload size - client_max_body_size 512M; + client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf index 8c1bc580..c636de7d 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf @@ -1 +1 @@ -client_max_body_size 10g; +client_max_body_size 10G; diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf index 8c1bc580..c636de7d 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf @@ -1 +1 @@ -client_max_body_size 10g; +client_max_body_size 10G; diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf index c23a7707..0b6fb89b 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf @@ -73,7 +73,7 @@ http { } # set max upload size - client_max_body_size 512M; + client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf index 8c1bc580..c636de7d 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf @@ -1 +1 @@ -client_max_body_size 10g; +client_max_body_size 10G; diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf index 8c1bc580..c636de7d 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf @@ -1 +1 @@ -client_max_body_size 10g; +client_max_body_size 10G; diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf index c23a7707..0b6fb89b 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -73,7 +73,7 @@ http { } # set max upload size - client_max_body_size 512M; + client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf index 8c1bc580..c636de7d 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf @@ -1 +1 @@ -client_max_body_size 10g; +client_max_body_size 10G; diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf index 8c1bc580..c636de7d 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf @@ -1 +1 @@ -client_max_body_size 10g; +client_max_body_size 10G; diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf index c23a7707..0b6fb89b 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -73,7 +73,7 @@ http { } # set max upload size - client_max_body_size 512M; + client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers From 3db0c2bf69a8de390b67d59c51212fd1320a34c1 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Thu, 5 Oct 2017 16:15:52 +0200 Subject: [PATCH 25/25] add a sentence why this setup is insecure --- .examples/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.examples/README.md b/.examples/README.md index 063cd134..dbcc5b8b 100644 --- a/.examples/README.md +++ b/.examples/README.md @@ -29,6 +29,9 @@ The docker-compose examples make heavily use of dereived Dockerfiles to add conf ### insecure +This example should only be used for testing on the local network because it uses a unencrypted http connection. +When you want to have your server reachable from the internet adding HTTPS-encryption is mandatory! +For this use one of the [with-nginx-proxy](#with-nginx-proxy) examples. To use this example complete the following steps: