From b617bfc7a0d1d661f688a52357bde1ea446e0ef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=ADas=20Pecchia?= <179218+mabeett@users.noreply.github.com> Date: Sun, 18 Aug 2024 22:21:05 +0200 Subject: [PATCH 1/6] Secrets handling via entrypoint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Secrets files handled only in the entrypoint, converted during initial execuition. Solves #1148 Signed-off-by: Matías Pecchia <179218+mabeett@users.noreply.github.com> --- .config/autoconfig.php | 14 -------------- .config/redis.config.php | 2 +- .config/s3.config.php | 12 +++--------- .config/smtp.config.php | 6 ++---- 28/apache/config/autoconfig.php | 14 -------------- 28/apache/config/redis.config.php | 2 +- 28/apache/config/s3.config.php | 12 +++--------- 28/apache/config/smtp.config.php | 6 ++---- 28/apache/entrypoint.sh | 27 ++++++++++++++++++++++----- 28/fpm-alpine/config/autoconfig.php | 14 -------------- 28/fpm-alpine/config/redis.config.php | 2 +- 28/fpm-alpine/config/s3.config.php | 12 +++--------- 28/fpm-alpine/config/smtp.config.php | 6 ++---- 28/fpm-alpine/entrypoint.sh | 27 ++++++++++++++++++++++----- 28/fpm/config/autoconfig.php | 14 -------------- 28/fpm/config/redis.config.php | 2 +- 28/fpm/config/s3.config.php | 12 +++--------- 28/fpm/config/smtp.config.php | 6 ++---- 28/fpm/entrypoint.sh | 27 ++++++++++++++++++++++----- 29/apache/config/autoconfig.php | 14 -------------- 29/apache/config/redis.config.php | 2 +- 29/apache/config/s3.config.php | 12 +++--------- 29/apache/config/smtp.config.php | 6 ++---- 29/apache/entrypoint.sh | 27 ++++++++++++++++++++++----- 29/fpm-alpine/config/autoconfig.php | 14 -------------- 29/fpm-alpine/config/redis.config.php | 2 +- 29/fpm-alpine/config/s3.config.php | 12 +++--------- 29/fpm-alpine/config/smtp.config.php | 6 ++---- 29/fpm-alpine/entrypoint.sh | 27 ++++++++++++++++++++++----- 29/fpm/config/autoconfig.php | 14 -------------- 29/fpm/config/redis.config.php | 2 +- 29/fpm/config/s3.config.php | 12 +++--------- 29/fpm/config/smtp.config.php | 6 ++---- 29/fpm/entrypoint.sh | 27 ++++++++++++++++++++++----- docker-entrypoint.sh | 27 ++++++++++++++++++++++----- 35 files changed, 196 insertions(+), 231 deletions(-) diff --git a/.config/autoconfig.php b/.config/autoconfig.php index 92ad2a1c..f01f18d6 100644 --- a/.config/autoconfig.php +++ b/.config/autoconfig.php @@ -6,13 +6,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbtype'] = 'sqlite'; $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE'); $autoconfig_enabled = true; -} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) { - $AUTOCONFIG['dbtype'] = 'mysql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); - $autoconfig_enabled = true; } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { $AUTOCONFIG['dbtype'] = 'mysql'; $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE'); @@ -20,13 +13,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD'); $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); $autoconfig_enabled = true; -} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) { - $AUTOCONFIG['dbtype'] = 'pgsql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST'); - $autoconfig_enabled = true; } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { $AUTOCONFIG['dbtype'] = 'pgsql'; $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB'); diff --git a/.config/redis.config.php b/.config/redis.config.php index a5b13da6..a5fde3c7 100644 --- a/.config/redis.config.php +++ b/.config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/.config/s3.config.php b/.config/s3.config.php index 9941c562..b7dabf32 100644 --- a/.config/s3.config.php +++ b/.config/s3.config.php @@ -24,25 +24,19 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { + if (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); } else { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + if (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); } else { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); } } diff --git a/.config/smtp.config.php b/.config/smtp.config.php index 66a2ef7e..40cfdf94 100644 --- a/.config/smtp.config.php +++ b/.config/smtp.config.php @@ -5,16 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE')) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { + if (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); } else { $CONFIG['mail_smtppassword'] = ''; diff --git a/28/apache/config/autoconfig.php b/28/apache/config/autoconfig.php index 92ad2a1c..f01f18d6 100644 --- a/28/apache/config/autoconfig.php +++ b/28/apache/config/autoconfig.php @@ -6,13 +6,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbtype'] = 'sqlite'; $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE'); $autoconfig_enabled = true; -} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) { - $AUTOCONFIG['dbtype'] = 'mysql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); - $autoconfig_enabled = true; } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { $AUTOCONFIG['dbtype'] = 'mysql'; $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE'); @@ -20,13 +13,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD'); $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); $autoconfig_enabled = true; -} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) { - $AUTOCONFIG['dbtype'] = 'pgsql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST'); - $autoconfig_enabled = true; } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { $AUTOCONFIG['dbtype'] = 'pgsql'; $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB'); diff --git a/28/apache/config/redis.config.php b/28/apache/config/redis.config.php index a5b13da6..a5fde3c7 100644 --- a/28/apache/config/redis.config.php +++ b/28/apache/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/28/apache/config/s3.config.php b/28/apache/config/s3.config.php index 9941c562..b7dabf32 100644 --- a/28/apache/config/s3.config.php +++ b/28/apache/config/s3.config.php @@ -24,25 +24,19 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { + if (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); } else { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + if (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); } else { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); } } diff --git a/28/apache/config/smtp.config.php b/28/apache/config/smtp.config.php index 66a2ef7e..40cfdf94 100644 --- a/28/apache/config/smtp.config.php +++ b/28/apache/config/smtp.config.php @@ -5,16 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE')) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { + if (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); } else { $CONFIG['mail_smtppassword'] = ''; diff --git a/28/apache/entrypoint.sh b/28/apache/entrypoint.sh index 8e178f2e..809e2762 100755 --- a/28/apache/entrypoint.sh +++ b/28/apache/entrypoint.sh @@ -63,14 +63,16 @@ file_env() { local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + echo "Warning: both $var and $fileVar are set ($fileVar takes precedence)" fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then + if [ -n "${fileVarValue}" ]; then + echo "note: taking ${fileVar} file for ${var} value" export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${varValue}" ]; then + echo "note: using ${var} variable for ${var} value" + export "$var"="${varValue}" elif [ -n "${def}" ]; then + echo "note: using invoked definition for ${var} value" export "$var"="$def" fi unset "$fileVar" @@ -82,6 +84,21 @@ if expr "$1" : "apache" 1>/dev/null; then fi fi +# All possible content secrets to variable +file_env NEXTCLOUD_ADMIN_PASSWORD +file_env NEXTCLOUD_ADMIN_USER +file_env MYSQL_DATABASE +file_env MYSQL_PASSWORD +file_env MYSQL_USER +file_env POSTGRES_DB +file_env POSTGRES_PASSWORD +file_env POSTGRES_USER +file_env REDIS_HOST_PASSWORD +file_env SMTP_PASSWORD +file_env OBJECTSTORE_S3_KEY +file_env OBJECTSTORE_S3_SECRET +file_env OBJECTSTORE_S3_SSE_C_KEY + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then uid="$(id -u)" gid="$(id -g)" diff --git a/28/fpm-alpine/config/autoconfig.php b/28/fpm-alpine/config/autoconfig.php index 92ad2a1c..f01f18d6 100644 --- a/28/fpm-alpine/config/autoconfig.php +++ b/28/fpm-alpine/config/autoconfig.php @@ -6,13 +6,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbtype'] = 'sqlite'; $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE'); $autoconfig_enabled = true; -} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) { - $AUTOCONFIG['dbtype'] = 'mysql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); - $autoconfig_enabled = true; } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { $AUTOCONFIG['dbtype'] = 'mysql'; $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE'); @@ -20,13 +13,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD'); $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); $autoconfig_enabled = true; -} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) { - $AUTOCONFIG['dbtype'] = 'pgsql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST'); - $autoconfig_enabled = true; } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { $AUTOCONFIG['dbtype'] = 'pgsql'; $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB'); diff --git a/28/fpm-alpine/config/redis.config.php b/28/fpm-alpine/config/redis.config.php index a5b13da6..a5fde3c7 100644 --- a/28/fpm-alpine/config/redis.config.php +++ b/28/fpm-alpine/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/28/fpm-alpine/config/s3.config.php b/28/fpm-alpine/config/s3.config.php index 9941c562..b7dabf32 100644 --- a/28/fpm-alpine/config/s3.config.php +++ b/28/fpm-alpine/config/s3.config.php @@ -24,25 +24,19 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { + if (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); } else { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + if (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); } else { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); } } diff --git a/28/fpm-alpine/config/smtp.config.php b/28/fpm-alpine/config/smtp.config.php index 66a2ef7e..40cfdf94 100644 --- a/28/fpm-alpine/config/smtp.config.php +++ b/28/fpm-alpine/config/smtp.config.php @@ -5,16 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE')) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { + if (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); } else { $CONFIG['mail_smtppassword'] = ''; diff --git a/28/fpm-alpine/entrypoint.sh b/28/fpm-alpine/entrypoint.sh index 8e178f2e..809e2762 100755 --- a/28/fpm-alpine/entrypoint.sh +++ b/28/fpm-alpine/entrypoint.sh @@ -63,14 +63,16 @@ file_env() { local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + echo "Warning: both $var and $fileVar are set ($fileVar takes precedence)" fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then + if [ -n "${fileVarValue}" ]; then + echo "note: taking ${fileVar} file for ${var} value" export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${varValue}" ]; then + echo "note: using ${var} variable for ${var} value" + export "$var"="${varValue}" elif [ -n "${def}" ]; then + echo "note: using invoked definition for ${var} value" export "$var"="$def" fi unset "$fileVar" @@ -82,6 +84,21 @@ if expr "$1" : "apache" 1>/dev/null; then fi fi +# All possible content secrets to variable +file_env NEXTCLOUD_ADMIN_PASSWORD +file_env NEXTCLOUD_ADMIN_USER +file_env MYSQL_DATABASE +file_env MYSQL_PASSWORD +file_env MYSQL_USER +file_env POSTGRES_DB +file_env POSTGRES_PASSWORD +file_env POSTGRES_USER +file_env REDIS_HOST_PASSWORD +file_env SMTP_PASSWORD +file_env OBJECTSTORE_S3_KEY +file_env OBJECTSTORE_S3_SECRET +file_env OBJECTSTORE_S3_SSE_C_KEY + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then uid="$(id -u)" gid="$(id -g)" diff --git a/28/fpm/config/autoconfig.php b/28/fpm/config/autoconfig.php index 92ad2a1c..f01f18d6 100644 --- a/28/fpm/config/autoconfig.php +++ b/28/fpm/config/autoconfig.php @@ -6,13 +6,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbtype'] = 'sqlite'; $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE'); $autoconfig_enabled = true; -} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) { - $AUTOCONFIG['dbtype'] = 'mysql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); - $autoconfig_enabled = true; } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { $AUTOCONFIG['dbtype'] = 'mysql'; $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE'); @@ -20,13 +13,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD'); $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); $autoconfig_enabled = true; -} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) { - $AUTOCONFIG['dbtype'] = 'pgsql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST'); - $autoconfig_enabled = true; } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { $AUTOCONFIG['dbtype'] = 'pgsql'; $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB'); diff --git a/28/fpm/config/redis.config.php b/28/fpm/config/redis.config.php index a5b13da6..a5fde3c7 100644 --- a/28/fpm/config/redis.config.php +++ b/28/fpm/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/28/fpm/config/s3.config.php b/28/fpm/config/s3.config.php index 9941c562..b7dabf32 100644 --- a/28/fpm/config/s3.config.php +++ b/28/fpm/config/s3.config.php @@ -24,25 +24,19 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { + if (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); } else { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + if (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); } else { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); } } diff --git a/28/fpm/config/smtp.config.php b/28/fpm/config/smtp.config.php index 66a2ef7e..40cfdf94 100644 --- a/28/fpm/config/smtp.config.php +++ b/28/fpm/config/smtp.config.php @@ -5,16 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE')) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { + if (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); } else { $CONFIG['mail_smtppassword'] = ''; diff --git a/28/fpm/entrypoint.sh b/28/fpm/entrypoint.sh index 8e178f2e..809e2762 100755 --- a/28/fpm/entrypoint.sh +++ b/28/fpm/entrypoint.sh @@ -63,14 +63,16 @@ file_env() { local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + echo "Warning: both $var and $fileVar are set ($fileVar takes precedence)" fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then + if [ -n "${fileVarValue}" ]; then + echo "note: taking ${fileVar} file for ${var} value" export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${varValue}" ]; then + echo "note: using ${var} variable for ${var} value" + export "$var"="${varValue}" elif [ -n "${def}" ]; then + echo "note: using invoked definition for ${var} value" export "$var"="$def" fi unset "$fileVar" @@ -82,6 +84,21 @@ if expr "$1" : "apache" 1>/dev/null; then fi fi +# All possible content secrets to variable +file_env NEXTCLOUD_ADMIN_PASSWORD +file_env NEXTCLOUD_ADMIN_USER +file_env MYSQL_DATABASE +file_env MYSQL_PASSWORD +file_env MYSQL_USER +file_env POSTGRES_DB +file_env POSTGRES_PASSWORD +file_env POSTGRES_USER +file_env REDIS_HOST_PASSWORD +file_env SMTP_PASSWORD +file_env OBJECTSTORE_S3_KEY +file_env OBJECTSTORE_S3_SECRET +file_env OBJECTSTORE_S3_SSE_C_KEY + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then uid="$(id -u)" gid="$(id -g)" diff --git a/29/apache/config/autoconfig.php b/29/apache/config/autoconfig.php index 92ad2a1c..f01f18d6 100644 --- a/29/apache/config/autoconfig.php +++ b/29/apache/config/autoconfig.php @@ -6,13 +6,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbtype'] = 'sqlite'; $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE'); $autoconfig_enabled = true; -} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) { - $AUTOCONFIG['dbtype'] = 'mysql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); - $autoconfig_enabled = true; } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { $AUTOCONFIG['dbtype'] = 'mysql'; $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE'); @@ -20,13 +13,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD'); $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); $autoconfig_enabled = true; -} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) { - $AUTOCONFIG['dbtype'] = 'pgsql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST'); - $autoconfig_enabled = true; } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { $AUTOCONFIG['dbtype'] = 'pgsql'; $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB'); diff --git a/29/apache/config/redis.config.php b/29/apache/config/redis.config.php index a5b13da6..a5fde3c7 100644 --- a/29/apache/config/redis.config.php +++ b/29/apache/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/29/apache/config/s3.config.php b/29/apache/config/s3.config.php index 9941c562..b7dabf32 100644 --- a/29/apache/config/s3.config.php +++ b/29/apache/config/s3.config.php @@ -24,25 +24,19 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { + if (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); } else { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + if (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); } else { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); } } diff --git a/29/apache/config/smtp.config.php b/29/apache/config/smtp.config.php index 66a2ef7e..40cfdf94 100644 --- a/29/apache/config/smtp.config.php +++ b/29/apache/config/smtp.config.php @@ -5,16 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE')) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { + if (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); } else { $CONFIG['mail_smtppassword'] = ''; diff --git a/29/apache/entrypoint.sh b/29/apache/entrypoint.sh index 8e178f2e..809e2762 100755 --- a/29/apache/entrypoint.sh +++ b/29/apache/entrypoint.sh @@ -63,14 +63,16 @@ file_env() { local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + echo "Warning: both $var and $fileVar are set ($fileVar takes precedence)" fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then + if [ -n "${fileVarValue}" ]; then + echo "note: taking ${fileVar} file for ${var} value" export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${varValue}" ]; then + echo "note: using ${var} variable for ${var} value" + export "$var"="${varValue}" elif [ -n "${def}" ]; then + echo "note: using invoked definition for ${var} value" export "$var"="$def" fi unset "$fileVar" @@ -82,6 +84,21 @@ if expr "$1" : "apache" 1>/dev/null; then fi fi +# All possible content secrets to variable +file_env NEXTCLOUD_ADMIN_PASSWORD +file_env NEXTCLOUD_ADMIN_USER +file_env MYSQL_DATABASE +file_env MYSQL_PASSWORD +file_env MYSQL_USER +file_env POSTGRES_DB +file_env POSTGRES_PASSWORD +file_env POSTGRES_USER +file_env REDIS_HOST_PASSWORD +file_env SMTP_PASSWORD +file_env OBJECTSTORE_S3_KEY +file_env OBJECTSTORE_S3_SECRET +file_env OBJECTSTORE_S3_SSE_C_KEY + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then uid="$(id -u)" gid="$(id -g)" diff --git a/29/fpm-alpine/config/autoconfig.php b/29/fpm-alpine/config/autoconfig.php index 92ad2a1c..f01f18d6 100644 --- a/29/fpm-alpine/config/autoconfig.php +++ b/29/fpm-alpine/config/autoconfig.php @@ -6,13 +6,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbtype'] = 'sqlite'; $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE'); $autoconfig_enabled = true; -} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) { - $AUTOCONFIG['dbtype'] = 'mysql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); - $autoconfig_enabled = true; } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { $AUTOCONFIG['dbtype'] = 'mysql'; $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE'); @@ -20,13 +13,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD'); $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); $autoconfig_enabled = true; -} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) { - $AUTOCONFIG['dbtype'] = 'pgsql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST'); - $autoconfig_enabled = true; } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { $AUTOCONFIG['dbtype'] = 'pgsql'; $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB'); diff --git a/29/fpm-alpine/config/redis.config.php b/29/fpm-alpine/config/redis.config.php index a5b13da6..a5fde3c7 100644 --- a/29/fpm-alpine/config/redis.config.php +++ b/29/fpm-alpine/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/29/fpm-alpine/config/s3.config.php b/29/fpm-alpine/config/s3.config.php index 9941c562..b7dabf32 100644 --- a/29/fpm-alpine/config/s3.config.php +++ b/29/fpm-alpine/config/s3.config.php @@ -24,25 +24,19 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { + if (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); } else { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + if (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); } else { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); } } diff --git a/29/fpm-alpine/config/smtp.config.php b/29/fpm-alpine/config/smtp.config.php index 66a2ef7e..40cfdf94 100644 --- a/29/fpm-alpine/config/smtp.config.php +++ b/29/fpm-alpine/config/smtp.config.php @@ -5,16 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE')) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { + if (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); } else { $CONFIG['mail_smtppassword'] = ''; diff --git a/29/fpm-alpine/entrypoint.sh b/29/fpm-alpine/entrypoint.sh index 8e178f2e..809e2762 100755 --- a/29/fpm-alpine/entrypoint.sh +++ b/29/fpm-alpine/entrypoint.sh @@ -63,14 +63,16 @@ file_env() { local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + echo "Warning: both $var and $fileVar are set ($fileVar takes precedence)" fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then + if [ -n "${fileVarValue}" ]; then + echo "note: taking ${fileVar} file for ${var} value" export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${varValue}" ]; then + echo "note: using ${var} variable for ${var} value" + export "$var"="${varValue}" elif [ -n "${def}" ]; then + echo "note: using invoked definition for ${var} value" export "$var"="$def" fi unset "$fileVar" @@ -82,6 +84,21 @@ if expr "$1" : "apache" 1>/dev/null; then fi fi +# All possible content secrets to variable +file_env NEXTCLOUD_ADMIN_PASSWORD +file_env NEXTCLOUD_ADMIN_USER +file_env MYSQL_DATABASE +file_env MYSQL_PASSWORD +file_env MYSQL_USER +file_env POSTGRES_DB +file_env POSTGRES_PASSWORD +file_env POSTGRES_USER +file_env REDIS_HOST_PASSWORD +file_env SMTP_PASSWORD +file_env OBJECTSTORE_S3_KEY +file_env OBJECTSTORE_S3_SECRET +file_env OBJECTSTORE_S3_SSE_C_KEY + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then uid="$(id -u)" gid="$(id -g)" diff --git a/29/fpm/config/autoconfig.php b/29/fpm/config/autoconfig.php index 92ad2a1c..f01f18d6 100644 --- a/29/fpm/config/autoconfig.php +++ b/29/fpm/config/autoconfig.php @@ -6,13 +6,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbtype'] = 'sqlite'; $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE'); $autoconfig_enabled = true; -} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) { - $AUTOCONFIG['dbtype'] = 'mysql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); - $autoconfig_enabled = true; } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { $AUTOCONFIG['dbtype'] = 'mysql'; $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE'); @@ -20,13 +13,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD'); $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); $autoconfig_enabled = true; -} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) { - $AUTOCONFIG['dbtype'] = 'pgsql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST'); - $autoconfig_enabled = true; } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { $AUTOCONFIG['dbtype'] = 'pgsql'; $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB'); diff --git a/29/fpm/config/redis.config.php b/29/fpm/config/redis.config.php index a5b13da6..a5fde3c7 100644 --- a/29/fpm/config/redis.config.php +++ b/29/fpm/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/29/fpm/config/s3.config.php b/29/fpm/config/s3.config.php index 9941c562..b7dabf32 100644 --- a/29/fpm/config/s3.config.php +++ b/29/fpm/config/s3.config.php @@ -24,25 +24,19 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { + if (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); } else { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + if (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); } else { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); } } diff --git a/29/fpm/config/smtp.config.php b/29/fpm/config/smtp.config.php index 66a2ef7e..40cfdf94 100644 --- a/29/fpm/config/smtp.config.php +++ b/29/fpm/config/smtp.config.php @@ -5,16 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE')) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { + if (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); } else { $CONFIG['mail_smtppassword'] = ''; diff --git a/29/fpm/entrypoint.sh b/29/fpm/entrypoint.sh index 8e178f2e..809e2762 100755 --- a/29/fpm/entrypoint.sh +++ b/29/fpm/entrypoint.sh @@ -63,14 +63,16 @@ file_env() { local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + echo "Warning: both $var and $fileVar are set ($fileVar takes precedence)" fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then + if [ -n "${fileVarValue}" ]; then + echo "note: taking ${fileVar} file for ${var} value" export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${varValue}" ]; then + echo "note: using ${var} variable for ${var} value" + export "$var"="${varValue}" elif [ -n "${def}" ]; then + echo "note: using invoked definition for ${var} value" export "$var"="$def" fi unset "$fileVar" @@ -82,6 +84,21 @@ if expr "$1" : "apache" 1>/dev/null; then fi fi +# All possible content secrets to variable +file_env NEXTCLOUD_ADMIN_PASSWORD +file_env NEXTCLOUD_ADMIN_USER +file_env MYSQL_DATABASE +file_env MYSQL_PASSWORD +file_env MYSQL_USER +file_env POSTGRES_DB +file_env POSTGRES_PASSWORD +file_env POSTGRES_USER +file_env REDIS_HOST_PASSWORD +file_env SMTP_PASSWORD +file_env OBJECTSTORE_S3_KEY +file_env OBJECTSTORE_S3_SECRET +file_env OBJECTSTORE_S3_SSE_C_KEY + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then uid="$(id -u)" gid="$(id -g)" diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 8e178f2e..809e2762 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -63,14 +63,16 @@ file_env() { local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + echo "Warning: both $var and $fileVar are set ($fileVar takes precedence)" fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then + if [ -n "${fileVarValue}" ]; then + echo "note: taking ${fileVar} file for ${var} value" export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${varValue}" ]; then + echo "note: using ${var} variable for ${var} value" + export "$var"="${varValue}" elif [ -n "${def}" ]; then + echo "note: using invoked definition for ${var} value" export "$var"="$def" fi unset "$fileVar" @@ -82,6 +84,21 @@ if expr "$1" : "apache" 1>/dev/null; then fi fi +# All possible content secrets to variable +file_env NEXTCLOUD_ADMIN_PASSWORD +file_env NEXTCLOUD_ADMIN_USER +file_env MYSQL_DATABASE +file_env MYSQL_PASSWORD +file_env MYSQL_USER +file_env POSTGRES_DB +file_env POSTGRES_PASSWORD +file_env POSTGRES_USER +file_env REDIS_HOST_PASSWORD +file_env SMTP_PASSWORD +file_env OBJECTSTORE_S3_KEY +file_env OBJECTSTORE_S3_SECRET +file_env OBJECTSTORE_S3_SSE_C_KEY + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then uid="$(id -u)" gid="$(id -g)" From 1a0fb1bfc2f4bf04ede9eab2fc3bb55482ce6946 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=ADas=20Pecchia?= <179218+mabeett@users.noreply.github.com> Date: Sun, 22 Sep 2024 19:56:30 +0200 Subject: [PATCH 2/6] Runs update.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Matías Pecchia <179218+mabeett@users.noreply.github.com> --- 30/apache/config/autoconfig.php | 14 -------------- 30/apache/config/redis.config.php | 2 +- 30/apache/config/s3.config.php | 12 +++--------- 30/apache/config/smtp.config.php | 6 ++---- 30/apache/entrypoint.sh | 27 ++++++++++++++++++++++----- 30/fpm-alpine/config/autoconfig.php | 14 -------------- 30/fpm-alpine/config/redis.config.php | 2 +- 30/fpm-alpine/config/s3.config.php | 12 +++--------- 30/fpm-alpine/config/smtp.config.php | 6 ++---- 30/fpm-alpine/entrypoint.sh | 27 ++++++++++++++++++++++----- 30/fpm/config/autoconfig.php | 14 -------------- 30/fpm/config/redis.config.php | 2 +- 30/fpm/config/s3.config.php | 12 +++--------- 30/fpm/config/smtp.config.php | 6 ++---- 30/fpm/entrypoint.sh | 27 ++++++++++++++++++++++----- 15 files changed, 84 insertions(+), 99 deletions(-) diff --git a/30/apache/config/autoconfig.php b/30/apache/config/autoconfig.php index 92ad2a1c..f01f18d6 100644 --- a/30/apache/config/autoconfig.php +++ b/30/apache/config/autoconfig.php @@ -6,13 +6,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbtype'] = 'sqlite'; $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE'); $autoconfig_enabled = true; -} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) { - $AUTOCONFIG['dbtype'] = 'mysql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); - $autoconfig_enabled = true; } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { $AUTOCONFIG['dbtype'] = 'mysql'; $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE'); @@ -20,13 +13,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD'); $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); $autoconfig_enabled = true; -} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) { - $AUTOCONFIG['dbtype'] = 'pgsql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST'); - $autoconfig_enabled = true; } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { $AUTOCONFIG['dbtype'] = 'pgsql'; $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB'); diff --git a/30/apache/config/redis.config.php b/30/apache/config/redis.config.php index a5b13da6..a5fde3c7 100644 --- a/30/apache/config/redis.config.php +++ b/30/apache/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/30/apache/config/s3.config.php b/30/apache/config/s3.config.php index 9941c562..b7dabf32 100644 --- a/30/apache/config/s3.config.php +++ b/30/apache/config/s3.config.php @@ -24,25 +24,19 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { + if (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); } else { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + if (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); } else { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); } } diff --git a/30/apache/config/smtp.config.php b/30/apache/config/smtp.config.php index 66a2ef7e..40cfdf94 100644 --- a/30/apache/config/smtp.config.php +++ b/30/apache/config/smtp.config.php @@ -5,16 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE')) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { + if (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); } else { $CONFIG['mail_smtppassword'] = ''; diff --git a/30/apache/entrypoint.sh b/30/apache/entrypoint.sh index 8e178f2e..809e2762 100755 --- a/30/apache/entrypoint.sh +++ b/30/apache/entrypoint.sh @@ -63,14 +63,16 @@ file_env() { local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + echo "Warning: both $var and $fileVar are set ($fileVar takes precedence)" fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then + if [ -n "${fileVarValue}" ]; then + echo "note: taking ${fileVar} file for ${var} value" export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${varValue}" ]; then + echo "note: using ${var} variable for ${var} value" + export "$var"="${varValue}" elif [ -n "${def}" ]; then + echo "note: using invoked definition for ${var} value" export "$var"="$def" fi unset "$fileVar" @@ -82,6 +84,21 @@ if expr "$1" : "apache" 1>/dev/null; then fi fi +# All possible content secrets to variable +file_env NEXTCLOUD_ADMIN_PASSWORD +file_env NEXTCLOUD_ADMIN_USER +file_env MYSQL_DATABASE +file_env MYSQL_PASSWORD +file_env MYSQL_USER +file_env POSTGRES_DB +file_env POSTGRES_PASSWORD +file_env POSTGRES_USER +file_env REDIS_HOST_PASSWORD +file_env SMTP_PASSWORD +file_env OBJECTSTORE_S3_KEY +file_env OBJECTSTORE_S3_SECRET +file_env OBJECTSTORE_S3_SSE_C_KEY + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then uid="$(id -u)" gid="$(id -g)" diff --git a/30/fpm-alpine/config/autoconfig.php b/30/fpm-alpine/config/autoconfig.php index 92ad2a1c..f01f18d6 100644 --- a/30/fpm-alpine/config/autoconfig.php +++ b/30/fpm-alpine/config/autoconfig.php @@ -6,13 +6,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbtype'] = 'sqlite'; $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE'); $autoconfig_enabled = true; -} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) { - $AUTOCONFIG['dbtype'] = 'mysql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); - $autoconfig_enabled = true; } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { $AUTOCONFIG['dbtype'] = 'mysql'; $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE'); @@ -20,13 +13,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD'); $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); $autoconfig_enabled = true; -} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) { - $AUTOCONFIG['dbtype'] = 'pgsql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST'); - $autoconfig_enabled = true; } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { $AUTOCONFIG['dbtype'] = 'pgsql'; $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB'); diff --git a/30/fpm-alpine/config/redis.config.php b/30/fpm-alpine/config/redis.config.php index a5b13da6..a5fde3c7 100644 --- a/30/fpm-alpine/config/redis.config.php +++ b/30/fpm-alpine/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/30/fpm-alpine/config/s3.config.php b/30/fpm-alpine/config/s3.config.php index 9941c562..b7dabf32 100644 --- a/30/fpm-alpine/config/s3.config.php +++ b/30/fpm-alpine/config/s3.config.php @@ -24,25 +24,19 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { + if (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); } else { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + if (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); } else { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); } } diff --git a/30/fpm-alpine/config/smtp.config.php b/30/fpm-alpine/config/smtp.config.php index 66a2ef7e..40cfdf94 100644 --- a/30/fpm-alpine/config/smtp.config.php +++ b/30/fpm-alpine/config/smtp.config.php @@ -5,16 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE')) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { + if (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); } else { $CONFIG['mail_smtppassword'] = ''; diff --git a/30/fpm-alpine/entrypoint.sh b/30/fpm-alpine/entrypoint.sh index 8e178f2e..809e2762 100755 --- a/30/fpm-alpine/entrypoint.sh +++ b/30/fpm-alpine/entrypoint.sh @@ -63,14 +63,16 @@ file_env() { local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + echo "Warning: both $var and $fileVar are set ($fileVar takes precedence)" fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then + if [ -n "${fileVarValue}" ]; then + echo "note: taking ${fileVar} file for ${var} value" export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${varValue}" ]; then + echo "note: using ${var} variable for ${var} value" + export "$var"="${varValue}" elif [ -n "${def}" ]; then + echo "note: using invoked definition for ${var} value" export "$var"="$def" fi unset "$fileVar" @@ -82,6 +84,21 @@ if expr "$1" : "apache" 1>/dev/null; then fi fi +# All possible content secrets to variable +file_env NEXTCLOUD_ADMIN_PASSWORD +file_env NEXTCLOUD_ADMIN_USER +file_env MYSQL_DATABASE +file_env MYSQL_PASSWORD +file_env MYSQL_USER +file_env POSTGRES_DB +file_env POSTGRES_PASSWORD +file_env POSTGRES_USER +file_env REDIS_HOST_PASSWORD +file_env SMTP_PASSWORD +file_env OBJECTSTORE_S3_KEY +file_env OBJECTSTORE_S3_SECRET +file_env OBJECTSTORE_S3_SSE_C_KEY + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then uid="$(id -u)" gid="$(id -g)" diff --git a/30/fpm/config/autoconfig.php b/30/fpm/config/autoconfig.php index 92ad2a1c..f01f18d6 100644 --- a/30/fpm/config/autoconfig.php +++ b/30/fpm/config/autoconfig.php @@ -6,13 +6,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbtype'] = 'sqlite'; $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE'); $autoconfig_enabled = true; -} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) { - $AUTOCONFIG['dbtype'] = 'mysql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); - $autoconfig_enabled = true; } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { $AUTOCONFIG['dbtype'] = 'mysql'; $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE'); @@ -20,13 +13,6 @@ if (getenv('SQLITE_DATABASE')) { $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD'); $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST'); $autoconfig_enabled = true; -} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) { - $AUTOCONFIG['dbtype'] = 'pgsql'; - $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE'))); - $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE'))); - $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE'))); - $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST'); - $autoconfig_enabled = true; } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { $AUTOCONFIG['dbtype'] = 'pgsql'; $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB'); diff --git a/30/fpm/config/redis.config.php b/30/fpm/config/redis.config.php index a5b13da6..a5fde3c7 100644 --- a/30/fpm/config/redis.config.php +++ b/30/fpm/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/30/fpm/config/s3.config.php b/30/fpm/config/s3.config.php index 9941c562..b7dabf32 100644 --- a/30/fpm/config/s3.config.php +++ b/30/fpm/config/s3.config.php @@ -24,25 +24,19 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { + if (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); } else { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { + if (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); } else { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); } } diff --git a/30/fpm/config/smtp.config.php b/30/fpm/config/smtp.config.php index 66a2ef7e..40cfdf94 100644 --- a/30/fpm/config/smtp.config.php +++ b/30/fpm/config/smtp.config.php @@ -5,16 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), + 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE')) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { + if (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); } else { $CONFIG['mail_smtppassword'] = ''; diff --git a/30/fpm/entrypoint.sh b/30/fpm/entrypoint.sh index 8e178f2e..809e2762 100755 --- a/30/fpm/entrypoint.sh +++ b/30/fpm/entrypoint.sh @@ -63,14 +63,16 @@ file_env() { local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + echo "Warning: both $var and $fileVar are set ($fileVar takes precedence)" fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then + if [ -n "${fileVarValue}" ]; then + echo "note: taking ${fileVar} file for ${var} value" export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${varValue}" ]; then + echo "note: using ${var} variable for ${var} value" + export "$var"="${varValue}" elif [ -n "${def}" ]; then + echo "note: using invoked definition for ${var} value" export "$var"="$def" fi unset "$fileVar" @@ -82,6 +84,21 @@ if expr "$1" : "apache" 1>/dev/null; then fi fi +# All possible content secrets to variable +file_env NEXTCLOUD_ADMIN_PASSWORD +file_env NEXTCLOUD_ADMIN_USER +file_env MYSQL_DATABASE +file_env MYSQL_PASSWORD +file_env MYSQL_USER +file_env POSTGRES_DB +file_env POSTGRES_PASSWORD +file_env POSTGRES_USER +file_env REDIS_HOST_PASSWORD +file_env SMTP_PASSWORD +file_env OBJECTSTORE_S3_KEY +file_env OBJECTSTORE_S3_SECRET +file_env OBJECTSTORE_S3_SSE_C_KEY + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then uid="$(id -u)" gid="$(id -g)" From 5a242f605505e4389ee9b715f99df57abcbf81ef Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 8 Oct 2024 15:33:18 +0200 Subject: [PATCH 3/6] MariaDB 10.11 (#2298) Signed-off-by: J0WI --- .../docker-compose/insecure/mariadb/apache/compose.yaml | 2 +- .examples/docker-compose/insecure/mariadb/fpm/compose.yaml | 2 +- .../with-nginx-proxy/mariadb/apache/compose.yaml | 2 +- .../with-nginx-proxy/mariadb/fpm/compose.yaml | 2 +- README.md | 6 +++--- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb/apache/compose.yaml b/.examples/docker-compose/insecure/mariadb/apache/compose.yaml index 775c35ef..4d0fd8fd 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/compose.yaml +++ b/.examples/docker-compose/insecure/mariadb/apache/compose.yaml @@ -1,6 +1,6 @@ services: db: - image: mariadb:10.6 + image: mariadb:10.11 command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW restart: always volumes: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml b/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml index 846cdaa3..06b12afb 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml +++ b/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml @@ -1,6 +1,6 @@ services: db: - image: mariadb:10.6 + image: mariadb:10.11 command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW restart: always volumes: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml index 98f2ec46..7a221407 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml @@ -1,6 +1,6 @@ services: db: - image: mariadb:10.6 + image: mariadb:10.11 command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW restart: always volumes: diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml index 863d0ac4..ff7a5388 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml @@ -1,6 +1,6 @@ services: db: - image: mariadb:10.6 + image: mariadb:10.11 command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW restart: always volumes: diff --git a/README.md b/README.md index b2ec983d..abe5b25b 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ Database: ```console $ docker run -d \ -v db:/var/lib/mysql \ -mariadb:10.6 +mariadb:10.11 ``` ### Additional volumes @@ -294,7 +294,7 @@ Make sure to pass in values for `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` varia ```yaml services: db: - image: mariadb:10.6 + image: mariadb:10.11 restart: always command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW volumes: @@ -342,7 +342,7 @@ Make sure to pass in values for `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` varia ```yaml services: db: - image: mariadb:10.6 + image: mariadb:10.11 restart: always command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW volumes: From 8c777a4144ff406db6adfe9d674e7411b2f8871e Mon Sep 17 00:00:00 2001 From: Kaloyan Nikolov Date: Tue, 8 Oct 2024 16:53:11 +0300 Subject: [PATCH 4/6] Update examples nginx configuration (#2307) * Update config based on the official docs Signed-off-by: Kaloyan Nikolov * Update all example nginx configs according to the documentation Signed-off-by: Kaloyan Nikolov --------- Signed-off-by: Kaloyan Nikolov --- .examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf | 5 +++-- .../docker-compose/insecure/postgres/fpm/web/nginx.conf | 5 +++-- .../with-nginx-proxy/mariadb/fpm/web/nginx.conf | 5 +++-- .../with-nginx-proxy/postgres/fpm/web/nginx.conf | 5 +++-- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf index 5dff3389..1dd6e11d 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf @@ -14,6 +14,7 @@ http { default_type application/octet-stream; types { text/javascript mjs; + application/wasm wasm; } log_format main '$remote_addr - $remote_user [$time_local] "$request" ' @@ -143,7 +144,7 @@ http { # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; @@ -166,7 +167,7 @@ http { } # Serve static files - location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { + location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Referrer-Policy "no-referrer" always; diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf index 5dff3389..1dd6e11d 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf @@ -14,6 +14,7 @@ http { default_type application/octet-stream; types { text/javascript mjs; + application/wasm wasm; } log_format main '$remote_addr - $remote_user [$time_local] "$request" ' @@ -143,7 +144,7 @@ http { # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; @@ -166,7 +167,7 @@ http { } # Serve static files - location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { + location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Referrer-Policy "no-referrer" always; diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf index 02215270..a3c9f28b 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -14,6 +14,7 @@ http { default_type application/octet-stream; types { text/javascript mjs; + application/wasm wasm; } log_format main '$remote_addr - $remote_user [$time_local] "$request" ' @@ -143,7 +144,7 @@ http { # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; @@ -166,7 +167,7 @@ http { } # Serve static files - location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { + location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Referrer-Policy "no-referrer" always; diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf index d7d29c68..a3c9f28b 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -14,6 +14,7 @@ http { default_type application/octet-stream; types { text/javascript mjs; + application/wasm wasm; } log_format main '$remote_addr - $remote_user [$time_local] "$request" ' @@ -143,7 +144,7 @@ http { # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; @@ -166,7 +167,7 @@ http { } # Serve static files - location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { + location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Referrer-Policy "no-referrer" always; From a9f9885e655bf1b16b7c8d3a5131ef161065492e Mon Sep 17 00:00:00 2001 From: Dominic Giebert Date: Tue, 8 Oct 2024 16:19:59 +0200 Subject: [PATCH 5/6] Add FORWARDED_FOR_HEADERS to the reverse-proxy config (#2272) * Add FORWARDED_FOR_HEADERS to the reverse-proxy config Signed-off-by: Dominic Giebert * Add FORWARDED_FOR_HEADERS to documentation Signed-off-by: Dominic Giebert --------- Signed-off-by: Dominic Giebert --- .config/reverse-proxy.config.php | 5 +++++ README.md | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.config/reverse-proxy.config.php b/.config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/.config/reverse-proxy.config.php +++ b/.config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/README.md b/README.md index abe5b25b..d8f41dcb 100644 --- a/README.md +++ b/README.md @@ -261,7 +261,7 @@ To use the hooks triggered by the `entrypoint` script, either ``` -## Using the apache image behind a reverse proxy and auto configure server host and protocol +## Using the image behind a reverse proxy and auto configure server host and protocol The apache image will replace the remote addr (IP address visible to Nextcloud) with the IP address from `X-Real-IP` if the request is coming from a proxy in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client IP (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, then disable rewrite IP and add the reverse proxy's IP address to `TRUSTED_PROXIES`. @@ -276,6 +276,7 @@ If the `TRUSTED_PROXIES` approach does not work for you, try using fixed values - `OVERWRITECLIURL` (empty by default): Set the cli url of the proxy (e.g. https://mydnsname.example.com) - `OVERWRITEWEBROOT` (empty by default): Set the absolute path of the proxy. - `OVERWRITECONDADDR` (empty by default): Regex to overwrite the values dependent on the remote address. +- `FORWARDED_FOR_HEADERS` (empty by default): HTTP headers with the original client IP address Check the [Nexcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html) for more details. From 6c1075b88d7184b067ce7c685ed55d136f7f0635 Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Tue, 8 Oct 2024 14:20:13 +0000 Subject: [PATCH 6/6] Runs update.sh --- 28/apache/config/reverse-proxy.config.php | 5 +++++ 28/fpm-alpine/config/reverse-proxy.config.php | 5 +++++ 28/fpm/config/reverse-proxy.config.php | 5 +++++ 29/apache/config/reverse-proxy.config.php | 5 +++++ 29/fpm-alpine/config/reverse-proxy.config.php | 5 +++++ 29/fpm/config/reverse-proxy.config.php | 5 +++++ 30/apache/config/reverse-proxy.config.php | 5 +++++ 30/fpm-alpine/config/reverse-proxy.config.php | 5 +++++ 30/fpm/config/reverse-proxy.config.php | 5 +++++ 9 files changed, 45 insertions(+) diff --git a/28/apache/config/reverse-proxy.config.php b/28/apache/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/28/apache/config/reverse-proxy.config.php +++ b/28/apache/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/28/fpm-alpine/config/reverse-proxy.config.php b/28/fpm-alpine/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/28/fpm-alpine/config/reverse-proxy.config.php +++ b/28/fpm-alpine/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/28/fpm/config/reverse-proxy.config.php b/28/fpm/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/28/fpm/config/reverse-proxy.config.php +++ b/28/fpm/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/29/apache/config/reverse-proxy.config.php b/29/apache/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/29/apache/config/reverse-proxy.config.php +++ b/29/apache/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/29/fpm-alpine/config/reverse-proxy.config.php b/29/fpm-alpine/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/29/fpm-alpine/config/reverse-proxy.config.php +++ b/29/fpm-alpine/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/29/fpm/config/reverse-proxy.config.php b/29/fpm/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/29/fpm/config/reverse-proxy.config.php +++ b/29/fpm/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/30/apache/config/reverse-proxy.config.php b/30/apache/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/30/apache/config/reverse-proxy.config.php +++ b/30/apache/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/30/fpm-alpine/config/reverse-proxy.config.php b/30/fpm-alpine/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/30/fpm-alpine/config/reverse-proxy.config.php +++ b/30/fpm-alpine/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/30/fpm/config/reverse-proxy.config.php b/30/fpm/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/30/fpm/config/reverse-proxy.config.php +++ b/30/fpm/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +}