mirror of
https://github.com/nextcloud/docker.git
synced 2025-07-28 01:18:06 +02:00
Compare commits
6 commits
058241155b
...
262a256614
Author | SHA1 | Date | |
---|---|---|---|
|
262a256614 | ||
|
6c1075b88d | ||
|
a9f9885e65 | ||
|
8c777a4144 | ||
|
0f899fe772 | ||
|
040b7411a4 |
16 changed files with 79 additions and 10 deletions
|
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
|
||||||
if ($trustedProxies) {
|
if ($trustedProxies) {
|
||||||
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
|
||||||
|
if ($forwardedForHeaders) {
|
||||||
|
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
|
||||||
|
}
|
||||||
|
|
|
@ -19,7 +19,14 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
|
||||||
// required for some non Amazon S3 implementations
|
// required for some non Amazon S3 implementations
|
||||||
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
|
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
|
||||||
// required for older protocol versions
|
// required for older protocol versions
|
||||||
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
|
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false',
|
||||||
|
'concurrency' => getenv('OBJECTSTORE_S3_CONCURRENCY') ?: '',
|
||||||
|
'proxy' => getenv('OBJECTSTORE_S3_PROXY') ?: '',
|
||||||
|
'timeout' => getenv('OBJECTSTORE_S3_TIMEOUT') ?: '',
|
||||||
|
'uploadPartSize' => getenv('OBJECTSTORE_S3_UPLOADPARTSIZE') ?:'',
|
||||||
|
'putSizeLimit' => getenv('OBJECTSTORE_S3_PUTSIZELIMIT') ?: '',
|
||||||
|
'version' => getenv('OBJECTSTORE_S3_VERSION') ?: '',
|
||||||
|
'verify_bucket_exists' => getenv('OBJECTSTORE_S3_VERIFY_BUCKET_EXISTS') ?: ''
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
|
@ -14,6 +14,7 @@ http {
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
types {
|
types {
|
||||||
text/javascript mjs;
|
text/javascript mjs;
|
||||||
|
application/wasm wasm;
|
||||||
}
|
}
|
||||||
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
@ -143,7 +144,7 @@ http {
|
||||||
# to the URI, resulting in a HTTP 500 error response.
|
# to the URI, resulting in a HTTP 500 error response.
|
||||||
location ~ \.php(?:$|/) {
|
location ~ \.php(?:$|/) {
|
||||||
# Required for legacy support
|
# Required for legacy support
|
||||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
|
||||||
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
set $path_info $fastcgi_path_info;
|
set $path_info $fastcgi_path_info;
|
||||||
|
@ -166,7 +167,7 @@ http {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Serve static files
|
# Serve static files
|
||||||
location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
|
||||||
try_files $uri /index.php$request_uri;
|
try_files $uri /index.php$request_uri;
|
||||||
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
||||||
add_header Referrer-Policy "no-referrer" always;
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
|
|
@ -14,6 +14,7 @@ http {
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
types {
|
types {
|
||||||
text/javascript mjs;
|
text/javascript mjs;
|
||||||
|
application/wasm wasm;
|
||||||
}
|
}
|
||||||
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
@ -143,7 +144,7 @@ http {
|
||||||
# to the URI, resulting in a HTTP 500 error response.
|
# to the URI, resulting in a HTTP 500 error response.
|
||||||
location ~ \.php(?:$|/) {
|
location ~ \.php(?:$|/) {
|
||||||
# Required for legacy support
|
# Required for legacy support
|
||||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
|
||||||
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
set $path_info $fastcgi_path_info;
|
set $path_info $fastcgi_path_info;
|
||||||
|
@ -166,7 +167,7 @@ http {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Serve static files
|
# Serve static files
|
||||||
location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
|
||||||
try_files $uri /index.php$request_uri;
|
try_files $uri /index.php$request_uri;
|
||||||
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
||||||
add_header Referrer-Policy "no-referrer" always;
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
|
|
@ -14,6 +14,7 @@ http {
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
types {
|
types {
|
||||||
text/javascript mjs;
|
text/javascript mjs;
|
||||||
|
application/wasm wasm;
|
||||||
}
|
}
|
||||||
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
@ -143,7 +144,7 @@ http {
|
||||||
# to the URI, resulting in a HTTP 500 error response.
|
# to the URI, resulting in a HTTP 500 error response.
|
||||||
location ~ \.php(?:$|/) {
|
location ~ \.php(?:$|/) {
|
||||||
# Required for legacy support
|
# Required for legacy support
|
||||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
|
||||||
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
set $path_info $fastcgi_path_info;
|
set $path_info $fastcgi_path_info;
|
||||||
|
@ -166,7 +167,7 @@ http {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Serve static files
|
# Serve static files
|
||||||
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
|
||||||
try_files $uri /index.php$request_uri;
|
try_files $uri /index.php$request_uri;
|
||||||
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
||||||
add_header Referrer-Policy "no-referrer" always;
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
|
|
@ -14,6 +14,7 @@ http {
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
types {
|
types {
|
||||||
text/javascript mjs;
|
text/javascript mjs;
|
||||||
|
application/wasm wasm;
|
||||||
}
|
}
|
||||||
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
@ -143,7 +144,7 @@ http {
|
||||||
# to the URI, resulting in a HTTP 500 error response.
|
# to the URI, resulting in a HTTP 500 error response.
|
||||||
location ~ \.php(?:$|/) {
|
location ~ \.php(?:$|/) {
|
||||||
# Required for legacy support
|
# Required for legacy support
|
||||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
|
||||||
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
set $path_info $fastcgi_path_info;
|
set $path_info $fastcgi_path_info;
|
||||||
|
@ -166,7 +167,7 @@ http {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Serve static files
|
# Serve static files
|
||||||
location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
|
||||||
try_files $uri /index.php$request_uri;
|
try_files $uri /index.php$request_uri;
|
||||||
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
||||||
add_header Referrer-Policy "no-referrer" always;
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
|
|
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
|
||||||
if ($trustedProxies) {
|
if ($trustedProxies) {
|
||||||
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
|
||||||
|
if ($forwardedForHeaders) {
|
||||||
|
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
|
||||||
|
}
|
||||||
|
|
|
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
|
||||||
if ($trustedProxies) {
|
if ($trustedProxies) {
|
||||||
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
|
||||||
|
if ($forwardedForHeaders) {
|
||||||
|
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
|
||||||
|
}
|
||||||
|
|
|
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
|
||||||
if ($trustedProxies) {
|
if ($trustedProxies) {
|
||||||
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
|
||||||
|
if ($forwardedForHeaders) {
|
||||||
|
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
|
||||||
|
}
|
||||||
|
|
|
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
|
||||||
if ($trustedProxies) {
|
if ($trustedProxies) {
|
||||||
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
|
||||||
|
if ($forwardedForHeaders) {
|
||||||
|
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
|
||||||
|
}
|
||||||
|
|
|
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
|
||||||
if ($trustedProxies) {
|
if ($trustedProxies) {
|
||||||
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
|
||||||
|
if ($forwardedForHeaders) {
|
||||||
|
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
|
||||||
|
}
|
||||||
|
|
|
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
|
||||||
if ($trustedProxies) {
|
if ($trustedProxies) {
|
||||||
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
|
||||||
|
if ($forwardedForHeaders) {
|
||||||
|
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
|
||||||
|
}
|
||||||
|
|
|
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
|
||||||
if ($trustedProxies) {
|
if ($trustedProxies) {
|
||||||
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
|
||||||
|
if ($forwardedForHeaders) {
|
||||||
|
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
|
||||||
|
}
|
||||||
|
|
|
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
|
||||||
if ($trustedProxies) {
|
if ($trustedProxies) {
|
||||||
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
|
||||||
|
if ($forwardedForHeaders) {
|
||||||
|
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
|
||||||
|
}
|
||||||
|
|
|
@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
|
||||||
if ($trustedProxies) {
|
if ($trustedProxies) {
|
||||||
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
|
||||||
|
if ($forwardedForHeaders) {
|
||||||
|
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
|
||||||
|
}
|
||||||
|
|
10
README.md
10
README.md
|
@ -191,6 +191,13 @@ To use an external S3 compatible object store as primary storage, set the follow
|
||||||
- `OBJECTSTORE_S3_OBJECT_PREFIX` (default: `urn:oid:`): Prefix to prepend to the fileid
|
- `OBJECTSTORE_S3_OBJECT_PREFIX` (default: `urn:oid:`): Prefix to prepend to the fileid
|
||||||
- `OBJECTSTORE_S3_AUTOCREATE` (default: `true`): Create the container if it does not exist
|
- `OBJECTSTORE_S3_AUTOCREATE` (default: `true`): Create the container if it does not exist
|
||||||
- `OBJECTSTORE_S3_SSE_C_KEY` (not set by default): Base64 encoded key with a maximum length of 32 bytes for server side encryption (SSE-C)
|
- `OBJECTSTORE_S3_SSE_C_KEY` (not set by default): Base64 encoded key with a maximum length of 32 bytes for server side encryption (SSE-C)
|
||||||
|
- `OBJECTSTORE_S3_CONCURRENCY` (default: `5`) defines the maximum number of concurrent multipart uploads
|
||||||
|
- `OBJECTSTORE_S3_PROXY` (default: `false`)
|
||||||
|
- `OBJECTSTORE_S3_TIMEOUT` (default: `15`)
|
||||||
|
- `OBJECTSTORE_S3_UPLOADPARTSIZE` (default: `524288000`)
|
||||||
|
- `OBJECTSTORE_S3_PUTSIZELIMIT` (default: `104857600`)
|
||||||
|
- `OBJECTSTORE_S3_VERSION` (default: `latest`)
|
||||||
|
- `OBJECTSTORE_S3_VERIFY_BUCKET_EXISTS` (default: `true`)
|
||||||
|
|
||||||
Check the [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3) for more information.
|
Check the [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3) for more information.
|
||||||
|
|
||||||
|
@ -261,7 +268,7 @@ To use the hooks triggered by the `entrypoint` script, either
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## Using the apache image behind a reverse proxy and auto configure server host and protocol
|
## Using the image behind a reverse proxy and auto configure server host and protocol
|
||||||
|
|
||||||
The apache image will replace the remote addr (IP address visible to Nextcloud) with the IP address from `X-Real-IP` if the request is coming from a proxy in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client IP (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, then disable rewrite IP and add the reverse proxy's IP address to `TRUSTED_PROXIES`.
|
The apache image will replace the remote addr (IP address visible to Nextcloud) with the IP address from `X-Real-IP` if the request is coming from a proxy in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client IP (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, then disable rewrite IP and add the reverse proxy's IP address to `TRUSTED_PROXIES`.
|
||||||
|
|
||||||
|
@ -276,6 +283,7 @@ If the `TRUSTED_PROXIES` approach does not work for you, try using fixed values
|
||||||
- `OVERWRITECLIURL` (empty by default): Set the cli url of the proxy (e.g. https://mydnsname.example.com)
|
- `OVERWRITECLIURL` (empty by default): Set the cli url of the proxy (e.g. https://mydnsname.example.com)
|
||||||
- `OVERWRITEWEBROOT` (empty by default): Set the absolute path of the proxy.
|
- `OVERWRITEWEBROOT` (empty by default): Set the absolute path of the proxy.
|
||||||
- `OVERWRITECONDADDR` (empty by default): Regex to overwrite the values dependent on the remote address.
|
- `OVERWRITECONDADDR` (empty by default): Regex to overwrite the values dependent on the remote address.
|
||||||
|
- `FORWARDED_FOR_HEADERS` (empty by default): HTTP headers with the original client IP address
|
||||||
|
|
||||||
Check the [Nexcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html) for more details.
|
Check the [Nexcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html) for more details.
|
||||||
|
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue