diff --git a/.config/redis.config.php b/.config/redis.config.php index a5fde3c7..a5b13da6 100644 --- a/.config/redis.config.php +++ b/.config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/.config/s3.config.php b/.config/s3.config.php index 374cba2d..9941c562 100644 --- a/.config/s3.config.php +++ b/.config/s3.config.php @@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_KEY_FILE')) { $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); @@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); @@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); diff --git a/.config/smtp.config.php b/.config/smtp.config.php index 5006fe47..66a2ef7e 100644 --- a/.config/smtp.config.php +++ b/.config/smtp.config.php @@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + if (getenv('SMTP_PASSWORD_FILE')) { $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); } elseif (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); diff --git a/.examples/README.md b/.examples/README.md index e962f67d..64b694b5 100644 --- a/.examples/README.md +++ b/.examples/README.md @@ -52,9 +52,6 @@ The required steps for each optional/recommended package that is not already in #### ffmpeg `apt install ffmpeg` -#### imagemagick SVG support -`apt install libmagickcore-6.q16-6-extra` - #### LibreOffice `apt install libreoffice` diff --git a/26/apache/Dockerfile b/26/apache/Dockerfile deleted file mode 100644 index 95585626..00000000 --- a/26/apache/Dockerfile +++ /dev/null @@ -1,174 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:8.2-apache-bookworm - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - busybox-static \ - bzip2 \ - libldap-common \ - libmagickcore-6.q16-6-extra \ - rsync \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libgmp-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmagickwand-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libwebp-dev \ - libxml2-dev \ - libzip-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure ftp --with-openssl-dir=/usr; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - ftp \ - gd \ - gmp \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - sysvsem \ - zip \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.23; \ - pecl install imagick-3.7.0; \ - pecl install memcached-3.2.0; \ - pecl install redis-6.0.2; \ - \ - docker-php-ext-enable \ - apcu \ - imagick \ - memcached \ - redis \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=32'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=60'; \ - echo 'opcache.jit=1255'; \ - echo 'opcache.jit_buffer_size=128M'; \ - } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ - \ - echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ - \ - mkdir /var/www/data; \ - mkdir -p /docker-entrypoint-hooks.d/pre-installation \ - /docker-entrypoint-hooks.d/post-installation \ - /docker-entrypoint-hooks.d/pre-upgrade \ - /docker-entrypoint-hooks.d/post-upgrade \ - /docker-entrypoint-hooks.d/before-starting; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - -RUN a2enmod headers rewrite remoteip ; \ - { \ - echo 'RemoteIPHeader X-Real-IP'; \ - echo 'RemoteIPInternalProxy 10.0.0.0/8'; \ - echo 'RemoteIPInternalProxy 172.16.0.0/12'; \ - echo 'RemoteIPInternalProxy 192.168.0.0/16'; \ - } > /etc/apache2/conf-available/remoteip.conf; \ - a2enconf remoteip - -# set apache config LimitRequestBody -ENV APACHE_BODY_LIMIT 1073741824 -RUN { \ - echo 'LimitRequestBody ${APACHE_BODY_LIMIT}'; \ - } > /etc/apache2/conf-available/apache-limits.conf; \ - a2enconf apache-limits - -ENV NEXTCLOUD_VERSION 26.0.13 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["apache2-foreground"] diff --git a/26/apache/config/apache-pretty-urls.config.php b/26/apache/config/apache-pretty-urls.config.php deleted file mode 100644 index 72da1d8c..00000000 --- a/26/apache/config/apache-pretty-urls.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '/', -); diff --git a/26/apache/config/apcu.config.php b/26/apache/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/26/apache/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/26/apache/config/apps.config.php b/26/apache/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/26/apache/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/26/apache/config/autoconfig.php b/26/apache/config/autoconfig.php deleted file mode 100644 index 92ad2a1c..00000000 --- a/26/apache/config/autoconfig.php +++ /dev/null @@ -1,41 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/26/apache/config/reverse-proxy.config.php b/26/apache/config/reverse-proxy.config.php deleted file mode 100644 index 7df0415e..00000000 --- a/26/apache/config/reverse-proxy.config.php +++ /dev/null @@ -1,30 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); - - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { - $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); - } else { - $CONFIG['objectstore']['arguments']['key'] = ''; - } - - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { - $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); - } else { - $CONFIG['objectstore']['arguments']['secret'] = ''; - } - - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); - } -} diff --git a/26/apache/config/smtp.config.php b/26/apache/config/smtp.config.php deleted file mode 100644 index 5006fe47..00000000 --- a/26/apache/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/26/apache/config/swift.config.php b/26/apache/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/26/apache/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/26/apache/config/upgrade-disable-web.config.php b/26/apache/config/upgrade-disable-web.config.php deleted file mode 100644 index cb00b436..00000000 --- a/26/apache/config/upgrade-disable-web.config.php +++ /dev/null @@ -1,4 +0,0 @@ - true, -); diff --git a/26/apache/cron.sh b/26/apache/cron.sh deleted file mode 100755 index b4cd9af6..00000000 --- a/26/apache/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -L /dev/stdout diff --git a/26/apache/entrypoint.sh b/26/apache/entrypoint.sh deleted file mode 100755 index 5b627f07..00000000 --- a/26/apache/entrypoint.sh +++ /dev/null @@ -1,279 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# Execute all executable files in a given directory in alphanumeric order -run_path() { - local hook_folder_path="/docker-entrypoint-hooks.d/$1" - local return_code=0 - - if ! [ -d "${hook_folder_path}" ]; then - echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist" - return 0 - fi - - echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" - - ( - find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do - if ! [ -x "${script_file_path}" ]; then - echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag" - continue - fi - - echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - - run_as "${script_file_path}" || return_code="$?" - - if [ "${return_code}" -ne "0" ]; then - echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" - exit 1 - fi - - echo "==> Finished the script: \"${script_file_path}\"" - done - ) -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - uid="$(id -u)" - gid="$(id -g)" - if [ "$uid" = '0' ]; then - case "$1" in - apache2*) - user="${APACHE_RUN_USER:-www-data}" - group="${APACHE_RUN_GROUP:-www-data}" - - # strip off any '#' symbol ('#1000' is valid syntax for Apache) - user="${user#'#'}" - group="${group#'#'}" - ;; - *) # php-fpm - user='www-data' - group='www-data' - ;; - esac - else - user="$uid" - group="$gid" - fi - - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - # If another process is syncing the html folder, wait for - # it to be done, then escape initalization. - ( - if ! flock -n 9; then - # If we couldn't get it immediately, show a message, then wait for real - echo "Another process is initializing Nextcloud. Waiting..." - flock 9 - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then - echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." - echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." - exit 1 - fi - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown $user:$group" - else - rsync_options="-rlD" - fi - - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - - # Install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - run_path pre-installation - - echo "Starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "Retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "Installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "Setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - - run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi - fi - # Upgrade - else - run_path pre-upgrade - - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - run_path post-upgrade - fi - - echo "Initializing finished" - fi - - # Update htaccess after init if requested - if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' - fi - ) 9> /var/www/html/nextcloud-init-sync.lock - - run_path before-starting -fi - -exec "$@" diff --git a/26/apache/upgrade.exclude b/26/apache/upgrade.exclude deleted file mode 100644 index 31ce39a8..00000000 --- a/26/apache/upgrade.exclude +++ /dev/null @@ -1,6 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php -/nextcloud-init-sync.lock diff --git a/26/fpm-alpine/Dockerfile b/26/fpm-alpine/Dockerfile deleted file mode 100644 index fe9c75f8..00000000 --- a/26/fpm-alpine/Dockerfile +++ /dev/null @@ -1,143 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:8.2-fpm-alpine3.19 - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apk add --no-cache \ - imagemagick \ - rsync \ - ; \ - \ - rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -RUN set -ex; \ - \ - apk add --no-cache --virtual .build-deps \ - $PHPIZE_DEPS \ - autoconf \ - freetype-dev \ - gmp-dev \ - icu-dev \ - imagemagick-dev \ - libevent-dev \ - libjpeg-turbo-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libwebp-dev \ - libxml2-dev \ - libzip-dev \ - openldap-dev \ - pcre-dev \ - postgresql-dev \ - ; \ - \ - docker-php-ext-configure ftp --with-openssl-dir=/usr; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - ftp \ - gd \ - gmp \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - sysvsem \ - zip \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.23; \ - pecl install imagick-3.7.0; \ - pecl install memcached-3.2.0; \ - pecl install redis-6.0.2; \ - \ - docker-php-ext-enable \ - apcu \ - imagick \ - memcached \ - redis \ - ; \ - rm -r /tmp/pear; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --no-network --virtual .nextcloud-phpext-rundeps $runDeps; \ - apk del --no-network .build-deps - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=32'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=60'; \ - echo 'opcache.jit=1255'; \ - echo 'opcache.jit_buffer_size=128M'; \ - } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ - \ - echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ - \ - mkdir /var/www/data; \ - mkdir -p /docker-entrypoint-hooks.d/pre-installation \ - /docker-entrypoint-hooks.d/post-installation \ - /docker-entrypoint-hooks.d/pre-upgrade \ - /docker-entrypoint-hooks.d/post-upgrade \ - /docker-entrypoint-hooks.d/before-starting; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 26.0.13 - -RUN set -ex; \ - apk add --no-cache --virtual .fetch-deps \ - bzip2 \ - gnupg \ - ; \ - \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - apk del --no-network .fetch-deps - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/26/fpm-alpine/config/apcu.config.php b/26/fpm-alpine/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/26/fpm-alpine/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/26/fpm-alpine/config/apps.config.php b/26/fpm-alpine/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/26/fpm-alpine/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/26/fpm-alpine/config/autoconfig.php b/26/fpm-alpine/config/autoconfig.php deleted file mode 100644 index 92ad2a1c..00000000 --- a/26/fpm-alpine/config/autoconfig.php +++ /dev/null @@ -1,41 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/26/fpm-alpine/config/reverse-proxy.config.php b/26/fpm-alpine/config/reverse-proxy.config.php deleted file mode 100644 index 7df0415e..00000000 --- a/26/fpm-alpine/config/reverse-proxy.config.php +++ /dev/null @@ -1,30 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); - - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { - $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); - } else { - $CONFIG['objectstore']['arguments']['key'] = ''; - } - - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { - $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); - } else { - $CONFIG['objectstore']['arguments']['secret'] = ''; - } - - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); - } -} diff --git a/26/fpm-alpine/config/smtp.config.php b/26/fpm-alpine/config/smtp.config.php deleted file mode 100644 index 5006fe47..00000000 --- a/26/fpm-alpine/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/26/fpm-alpine/config/swift.config.php b/26/fpm-alpine/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/26/fpm-alpine/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/26/fpm-alpine/config/upgrade-disable-web.config.php b/26/fpm-alpine/config/upgrade-disable-web.config.php deleted file mode 100644 index cb00b436..00000000 --- a/26/fpm-alpine/config/upgrade-disable-web.config.php +++ /dev/null @@ -1,4 +0,0 @@ - true, -); diff --git a/26/fpm-alpine/cron.sh b/26/fpm-alpine/cron.sh deleted file mode 100755 index b4cd9af6..00000000 --- a/26/fpm-alpine/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -L /dev/stdout diff --git a/26/fpm-alpine/entrypoint.sh b/26/fpm-alpine/entrypoint.sh deleted file mode 100755 index 5b627f07..00000000 --- a/26/fpm-alpine/entrypoint.sh +++ /dev/null @@ -1,279 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# Execute all executable files in a given directory in alphanumeric order -run_path() { - local hook_folder_path="/docker-entrypoint-hooks.d/$1" - local return_code=0 - - if ! [ -d "${hook_folder_path}" ]; then - echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist" - return 0 - fi - - echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" - - ( - find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do - if ! [ -x "${script_file_path}" ]; then - echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag" - continue - fi - - echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - - run_as "${script_file_path}" || return_code="$?" - - if [ "${return_code}" -ne "0" ]; then - echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" - exit 1 - fi - - echo "==> Finished the script: \"${script_file_path}\"" - done - ) -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - uid="$(id -u)" - gid="$(id -g)" - if [ "$uid" = '0' ]; then - case "$1" in - apache2*) - user="${APACHE_RUN_USER:-www-data}" - group="${APACHE_RUN_GROUP:-www-data}" - - # strip off any '#' symbol ('#1000' is valid syntax for Apache) - user="${user#'#'}" - group="${group#'#'}" - ;; - *) # php-fpm - user='www-data' - group='www-data' - ;; - esac - else - user="$uid" - group="$gid" - fi - - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - # If another process is syncing the html folder, wait for - # it to be done, then escape initalization. - ( - if ! flock -n 9; then - # If we couldn't get it immediately, show a message, then wait for real - echo "Another process is initializing Nextcloud. Waiting..." - flock 9 - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then - echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." - echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." - exit 1 - fi - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown $user:$group" - else - rsync_options="-rlD" - fi - - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - - # Install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - run_path pre-installation - - echo "Starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "Retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "Installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "Setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - - run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi - fi - # Upgrade - else - run_path pre-upgrade - - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - run_path post-upgrade - fi - - echo "Initializing finished" - fi - - # Update htaccess after init if requested - if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' - fi - ) 9> /var/www/html/nextcloud-init-sync.lock - - run_path before-starting -fi - -exec "$@" diff --git a/26/fpm-alpine/upgrade.exclude b/26/fpm-alpine/upgrade.exclude deleted file mode 100644 index 31ce39a8..00000000 --- a/26/fpm-alpine/upgrade.exclude +++ /dev/null @@ -1,6 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php -/nextcloud-init-sync.lock diff --git a/26/fpm/Dockerfile b/26/fpm/Dockerfile deleted file mode 100644 index b74f1052..00000000 --- a/26/fpm/Dockerfile +++ /dev/null @@ -1,159 +0,0 @@ -# DO NOT EDIT: created by update.sh from Dockerfile-debian.template -FROM php:8.2-fpm-bookworm - -# entrypoint.sh and cron.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - busybox-static \ - bzip2 \ - libldap-common \ - libmagickcore-6.q16-6-extra \ - rsync \ - ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libgmp-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmagickwand-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libwebp-dev \ - libxml2-dev \ - libzip-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure ftp --with-openssl-dir=/usr; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - ftp \ - gd \ - gmp \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - sysvsem \ - zip \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.23; \ - pecl install imagick-3.7.0; \ - pecl install memcached-3.2.0; \ - pecl install redis-6.0.2; \ - \ - docker-php-ext-enable \ - apcu \ - imagick \ - memcached \ - redis \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache -RUN { \ - echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=32'; \ - echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.save_comments=1'; \ - echo 'opcache.revalidate_freq=60'; \ - echo 'opcache.jit=1255'; \ - echo 'opcache.jit_buffer_size=128M'; \ - } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ - \ - echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ - \ - { \ - echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ - echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ - echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ - } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ - \ - mkdir /var/www/data; \ - mkdir -p /docker-entrypoint-hooks.d/pre-installation \ - /docker-entrypoint-hooks.d/post-installation \ - /docker-entrypoint-hooks.d/pre-upgrade \ - /docker-entrypoint-hooks.d/post-upgrade \ - /docker-entrypoint-hooks.d/before-starting; \ - chown -R www-data:root /var/www; \ - chmod -R g=u /var/www - -VOLUME /var/www/html - - -ENV NEXTCLOUD_VERSION 26.0.13 - -RUN set -ex; \ - fetchDeps=" \ - gnupg \ - dirmngr \ - "; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ -# gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ - gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - tar -xjf nextcloud.tar.bz2 -C /usr/src/; \ - gpgconf --kill all; \ - rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \ - rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \ - mkdir -p /usr/src/nextcloud/data; \ - mkdir -p /usr/src/nextcloud/custom_apps; \ - chmod +x /usr/src/nextcloud/occ; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ - rm -rf /var/lib/apt/lists/* - -COPY *.sh upgrade.exclude / -COPY config/* /usr/src/nextcloud/config/ - -ENTRYPOINT ["/entrypoint.sh"] -CMD ["php-fpm"] diff --git a/26/fpm/config/apcu.config.php b/26/fpm/config/apcu.config.php deleted file mode 100644 index 69fed876..00000000 --- a/26/fpm/config/apcu.config.php +++ /dev/null @@ -1,4 +0,0 @@ - '\OC\Memcache\APCu', -); diff --git a/26/fpm/config/apps.config.php b/26/fpm/config/apps.config.php deleted file mode 100644 index 4c37f72a..00000000 --- a/26/fpm/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - 'path' => OC::$SERVERROOT.'/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => array ( - 'path' => OC::$SERVERROOT.'/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), -); diff --git a/26/fpm/config/autoconfig.php b/26/fpm/config/autoconfig.php deleted file mode 100644 index 92ad2a1c..00000000 --- a/26/fpm/config/autoconfig.php +++ /dev/null @@ -1,41 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), - ), - ); - - if (getenv('REDIS_HOST_PORT') !== false) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; - } -} diff --git a/26/fpm/config/reverse-proxy.config.php b/26/fpm/config/reverse-proxy.config.php deleted file mode 100644 index 7df0415e..00000000 --- a/26/fpm/config/reverse-proxy.config.php +++ /dev/null @@ -1,30 +0,0 @@ - array( - 'class' => '\OC\Files\ObjectStore\S3', - 'arguments' => array( - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', - 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', - 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', - 'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '', - 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, - // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', - // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' - ) - ) - ); - - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { - $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_KEY')) { - $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); - } else { - $CONFIG['objectstore']['arguments']['key'] = ''; - } - - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { - $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SECRET')) { - $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); - } else { - $CONFIG['objectstore']['arguments']['secret'] = ''; - } - - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); - } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { - $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); - } -} diff --git a/26/fpm/config/smtp.config.php b/26/fpm/config/smtp.config.php deleted file mode 100644 index 5006fe47..00000000 --- a/26/fpm/config/smtp.config.php +++ /dev/null @@ -1,22 +0,0 @@ - 'smtp', - 'mail_smtphost' => getenv('SMTP_HOST'), - 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), - 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), - 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', - 'mail_smtpname' => getenv('SMTP_NAME') ?: '', - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - ); - - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { - $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); - } elseif (getenv('SMTP_PASSWORD')) { - $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); - } else { - $CONFIG['mail_smtppassword'] = ''; - } -} diff --git a/26/fpm/config/swift.config.php b/26/fpm/config/swift.config.php deleted file mode 100644 index 47ada566..00000000 --- a/26/fpm/config/swift.config.php +++ /dev/null @@ -1,31 +0,0 @@ - [ - 'class' => 'OC\\Files\\ObjectStore\\Swift', - 'arguments' => [ - 'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false', - 'user' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'), - 'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default', - ], - ], - 'scope' => [ - 'project' => [ - 'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'), - 'domain' => [ - 'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default', - ], - ], - ], - 'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift', - 'region' => getenv('OBJECTSTORE_SWIFT_REGION'), - 'url' => getenv('OBJECTSTORE_SWIFT_URL'), - 'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'), - ] - ] - ); -} diff --git a/26/fpm/config/upgrade-disable-web.config.php b/26/fpm/config/upgrade-disable-web.config.php deleted file mode 100644 index cb00b436..00000000 --- a/26/fpm/config/upgrade-disable-web.config.php +++ /dev/null @@ -1,4 +0,0 @@ - true, -); diff --git a/26/fpm/cron.sh b/26/fpm/cron.sh deleted file mode 100755 index b4cd9af6..00000000 --- a/26/fpm/cron.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -eu - -exec busybox crond -f -L /dev/stdout diff --git a/26/fpm/entrypoint.sh b/26/fpm/entrypoint.sh deleted file mode 100755 index 5b627f07..00000000 --- a/26/fpm/entrypoint.sh +++ /dev/null @@ -1,279 +0,0 @@ -#!/bin/sh -set -eu - -# version_greater A B returns whether A > B -version_greater() { - [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ] -} - -# return true if specified directory is empty -directory_empty() { - [ -z "$(ls -A "$1/")" ] -} - -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - -# Execute all executable files in a given directory in alphanumeric order -run_path() { - local hook_folder_path="/docker-entrypoint-hooks.d/$1" - local return_code=0 - - if ! [ -d "${hook_folder_path}" ]; then - echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist" - return 0 - fi - - echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}" - - ( - find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do - if ! [ -x "${script_file_path}" ]; then - echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag" - continue - fi - - echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - - run_as "${script_file_path}" || return_code="$?" - - if [ "${return_code}" -ne "0" ]; then - echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" - exit 1 - fi - - echo "==> Finished the script: \"${script_file_path}\"" - done - ) -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") - local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") - if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - if [ -n "${varValue}" ]; then - export "$var"="${varValue}" - elif [ -n "${fileVarValue}" ]; then - export "$var"="$(cat "${fileVarValue}")" - elif [ -n "${def}" ]; then - export "$var"="$def" - fi - unset "$fileVar" -} - -if expr "$1" : "apache" 1>/dev/null; then - if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then - a2disconf remoteip - fi -fi - -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then - uid="$(id -u)" - gid="$(id -g)" - if [ "$uid" = '0' ]; then - case "$1" in - apache2*) - user="${APACHE_RUN_USER:-www-data}" - group="${APACHE_RUN_GROUP:-www-data}" - - # strip off any '#' symbol ('#1000' is valid syntax for Apache) - user="${user#'#'}" - group="${group#'#'}" - ;; - *) # php-fpm - user='www-data' - group='www-data' - ;; - esac - else - user="$uid" - group="$gid" - fi - - if [ -n "${REDIS_HOST+x}" ]; then - - echo "Configuring Redis as session handler" - { - file_env REDIS_HOST_PASSWORD - echo 'session.save_handler = redis' - # check if redis host is an unix socket path - if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then - if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"unix://${REDIS_HOST}\"" - fi - # check if redis password has been set - elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" - else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" - fi - echo "redis.session.locking_enabled = 1" - echo "redis.session.lock_retries = -1" - # redis.session.lock_wait_time is specified in microseconds. - # Wait 10ms before retrying the lock rather than the default 2ms. - echo "redis.session.lock_wait_time = 10000" - } > /usr/local/etc/php/conf.d/redis-session.ini - fi - - # If another process is syncing the html folder, wait for - # it to be done, then escape initalization. - ( - if ! flock -n 9; then - # If we couldn't get it immediately, show a message, then wait for real - echo "Another process is initializing Nextcloud. Waiting..." - flock 9 - fi - - installed_version="0.0.0.0" - if [ -f /var/www/html/version.php ]; then - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - fi - # shellcheck disable=SC2016 - image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" - - if version_greater "$installed_version" "$image_version"; then - echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?" - exit 1 - fi - - if version_greater "$image_version" "$installed_version"; then - echo "Initializing nextcloud $image_version ..." - if [ "$installed_version" != "0.0.0.0" ]; then - if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then - echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported." - echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16." - exit 1 - fi - echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before - fi - if [ "$(id -u)" = 0 ]; then - rsync_options="-rlDog --chown $user:$group" - else - rsync_options="-rlD" - fi - - rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ - for dir in config data custom_apps themes; do - if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - fi - done - rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/ - - # Install - if [ "$installed_version" = "0.0.0.0" ]; then - echo "New nextcloud instance" - - file_env NEXTCLOUD_ADMIN_PASSWORD - file_env NEXTCLOUD_ADMIN_USER - - if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then - # shellcheck disable=SC2016 - install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' - if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then - # shellcheck disable=SC2016 - install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' - fi - - file_env MYSQL_DATABASE - file_env MYSQL_PASSWORD - file_env MYSQL_USER - file_env POSTGRES_DB - file_env POSTGRES_PASSWORD - file_env POSTGRES_USER - - install=false - if [ -n "${SQLITE_DATABASE+x}" ]; then - echo "Installing with SQLite database" - # shellcheck disable=SC2016 - install_options=$install_options' --database-name "$SQLITE_DATABASE"' - install=true - elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then - echo "Installing with MySQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"' - install=true - elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then - echo "Installing with PostgreSQL database" - # shellcheck disable=SC2016 - install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"' - install=true - fi - - if [ "$install" = true ]; then - run_path pre-installation - - echo "Starting nextcloud installation" - max_retries=10 - try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] - do - echo "Retrying install..." - try=$((try+1)) - sleep 10s - done - if [ "$try" -gt "$max_retries" ]; then - echo "Installing of nextcloud failed!" - exit 1 - fi - if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then - echo "Setting trusted domains…" - NC_TRUSTED_DOMAIN_IDX=1 - for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do - DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" - NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) - done - fi - - run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi - fi - # Upgrade - else - run_path pre-upgrade - - run_as 'php /var/www/html/occ upgrade' - - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after - echo "The following apps have been disabled:" - diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 - rm -f /tmp/list_before /tmp/list_after - - run_path post-upgrade - fi - - echo "Initializing finished" - fi - - # Update htaccess after init if requested - if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' - fi - ) 9> /var/www/html/nextcloud-init-sync.lock - - run_path before-starting -fi - -exec "$@" diff --git a/26/fpm/upgrade.exclude b/26/fpm/upgrade.exclude deleted file mode 100644 index 31ce39a8..00000000 --- a/26/fpm/upgrade.exclude +++ /dev/null @@ -1,6 +0,0 @@ -/config/ -/data/ -/custom_apps/ -/themes/ -/version.php -/nextcloud-init-sync.lock diff --git a/27/apache/Dockerfile b/27/apache/Dockerfile index 853a3713..8b9a64fe 100644 --- a/27/apache/Dockerfile +++ b/27/apache/Dockerfile @@ -15,7 +15,7 @@ RUN set -ex; \ rm -rf /var/lib/apt/lists/*; \ \ mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/5 * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -140,7 +140,7 @@ RUN { \ } > /etc/apache2/conf-available/apache-limits.conf; \ a2enconf apache-limits -ENV NEXTCLOUD_VERSION 27.1.8 +ENV NEXTCLOUD_VERSION 27.1.11 RUN set -ex; \ fetchDeps=" \ @@ -150,8 +150,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.11.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.11.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ @@ -167,7 +167,8 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ rm -rf /var/lib/apt/lists/* -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/27/apache/config/redis.config.php b/27/apache/config/redis.config.php index a5fde3c7..a5b13da6 100644 --- a/27/apache/config/redis.config.php +++ b/27/apache/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/27/apache/config/s3.config.php b/27/apache/config/s3.config.php index 374cba2d..9941c562 100644 --- a/27/apache/config/s3.config.php +++ b/27/apache/config/s3.config.php @@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_KEY_FILE')) { $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); @@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); @@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); diff --git a/27/apache/config/smtp.config.php b/27/apache/config/smtp.config.php index 5006fe47..66a2ef7e 100644 --- a/27/apache/config/smtp.config.php +++ b/27/apache/config/smtp.config.php @@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + if (getenv('SMTP_PASSWORD_FILE')) { $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); } elseif (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); diff --git a/27/apache/entrypoint.sh b/27/apache/entrypoint.sh index 5b627f07..ef80647a 100755 --- a/27/apache/entrypoint.sh +++ b/27/apache/entrypoint.sh @@ -11,14 +11,6 @@ directory_empty() { [ -z "$(ls -A "$1/")" ] } -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - # Execute all executable files in a given directory in alphanumeric order run_path() { local hook_folder_path="/docker-entrypoint-hooks.d/$1" @@ -40,7 +32,11 @@ run_path() { echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - run_as "${script_file_path}" || return_code="$?" + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh "${script_file_path}" || return_code="$?" + else + "${script_file_path}" || return_code="$?" + fi if [ "${return_code}" -ne "0" ]; then echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" @@ -163,7 +159,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP exit 1 fi echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi if [ "$(id -u)" = 0 ]; then rsync_options="-rlDog --chown $user:$group" @@ -186,6 +182,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_USER + install=false if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -201,7 +198,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_PASSWORD file_env POSTGRES_USER - install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -225,7 +221,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP echo "Starting nextcloud installation" max_retries=10 try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + until [ "$try" -gt "$max_retries" ] || eval "occ maintenance:install $install_options" do echo "Retrying install..." try=$((try+1)) @@ -240,23 +236,26 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=1 for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN" NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi + fi + fi + # not enough specified to do a fully automated installation + if [ "$install" = false ]; then + echo "Next step: Access your instance to finish the web-based installation!" + echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation." fi # Upgrade else run_path pre-upgrade - run_as 'php /var/www/html/occ upgrade' + occ upgrade - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after @@ -269,10 +268,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # Update htaccess after init if requested if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' + occ maintenance:update:htaccess fi ) 9> /var/www/html/nextcloud-init-sync.lock + # warn if config files on persistent storage differ from the latest version of this image + for cfgPath in /usr/src/nextcloud/config/*.php; do + cfgFile=$(basename "$cfgPath") + + if [ "$cfgFile" != "config.sample.php" ]; then + if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then + echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile" + fi + fi + done + run_path before-starting fi diff --git a/27/apache/occ b/27/apache/occ new file mode 100755 index 00000000..70b08e7d --- /dev/null +++ b/27/apache/occ @@ -0,0 +1,14 @@ +#!/bin/sh +set -eu + +[ -e /var/www/html/occ ] || { echo "Unable to run \`occ\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/occ ] || { echo "Unable to run \`occ\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/occ)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/occ -- "$@"' -- '/bin/sh' "$@" +else + exec php -f /var/www/html/occ -- "$@" +fi diff --git a/27/apache/occ-cron b/27/apache/occ-cron new file mode 100755 index 00000000..798cc175 --- /dev/null +++ b/27/apache/occ-cron @@ -0,0 +1,19 @@ +#!/bin/sh +set -eu + +if [ "$(occ status 2> /dev/null | sed -ne 's/^ - installed: \(.*\)$/\1/p')" != "true" ]; then + echo "Nextcloud is not installed - cronjobs are not available" >&2 + exit 1 +fi + +[ -e /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/cron.php)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ-cron\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/cron.php' -- '/bin/sh' +else + exec php -f /var/www/html/cron.php +fi diff --git a/27/fpm-alpine/Dockerfile b/27/fpm-alpine/Dockerfile index 04ba1dcf..68bfba03 100644 --- a/27/fpm-alpine/Dockerfile +++ b/27/fpm-alpine/Dockerfile @@ -1,16 +1,23 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:8.2-fpm-alpine3.19 +FROM php:8.2-fpm-alpine3.20 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ \ apk add --no-cache \ imagemagick \ + imagemagick-pdf \ + imagemagick-jpeg \ + imagemagick-raw \ + imagemagick-tiff \ + imagemagick-heic \ + imagemagick-webp \ + imagemagick-svg \ rsync \ ; \ \ rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/5 * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -113,7 +120,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 27.1.8 +ENV NEXTCLOUD_VERSION 27.1.11 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ @@ -121,8 +128,8 @@ RUN set -ex; \ gnupg \ ; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.11.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.11.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ @@ -136,7 +143,8 @@ RUN set -ex; \ chmod +x /usr/src/nextcloud/occ; \ apk del --no-network .fetch-deps -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/27/fpm-alpine/config/redis.config.php b/27/fpm-alpine/config/redis.config.php index a5fde3c7..a5b13da6 100644 --- a/27/fpm-alpine/config/redis.config.php +++ b/27/fpm-alpine/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/27/fpm-alpine/config/s3.config.php b/27/fpm-alpine/config/s3.config.php index 374cba2d..9941c562 100644 --- a/27/fpm-alpine/config/s3.config.php +++ b/27/fpm-alpine/config/s3.config.php @@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_KEY_FILE')) { $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); @@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); @@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); diff --git a/27/fpm-alpine/config/smtp.config.php b/27/fpm-alpine/config/smtp.config.php index 5006fe47..66a2ef7e 100644 --- a/27/fpm-alpine/config/smtp.config.php +++ b/27/fpm-alpine/config/smtp.config.php @@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + if (getenv('SMTP_PASSWORD_FILE')) { $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); } elseif (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); diff --git a/27/fpm-alpine/entrypoint.sh b/27/fpm-alpine/entrypoint.sh index 5b627f07..ef80647a 100755 --- a/27/fpm-alpine/entrypoint.sh +++ b/27/fpm-alpine/entrypoint.sh @@ -11,14 +11,6 @@ directory_empty() { [ -z "$(ls -A "$1/")" ] } -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - # Execute all executable files in a given directory in alphanumeric order run_path() { local hook_folder_path="/docker-entrypoint-hooks.d/$1" @@ -40,7 +32,11 @@ run_path() { echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - run_as "${script_file_path}" || return_code="$?" + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh "${script_file_path}" || return_code="$?" + else + "${script_file_path}" || return_code="$?" + fi if [ "${return_code}" -ne "0" ]; then echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" @@ -163,7 +159,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP exit 1 fi echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi if [ "$(id -u)" = 0 ]; then rsync_options="-rlDog --chown $user:$group" @@ -186,6 +182,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_USER + install=false if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -201,7 +198,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_PASSWORD file_env POSTGRES_USER - install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -225,7 +221,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP echo "Starting nextcloud installation" max_retries=10 try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + until [ "$try" -gt "$max_retries" ] || eval "occ maintenance:install $install_options" do echo "Retrying install..." try=$((try+1)) @@ -240,23 +236,26 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=1 for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN" NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi + fi + fi + # not enough specified to do a fully automated installation + if [ "$install" = false ]; then + echo "Next step: Access your instance to finish the web-based installation!" + echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation." fi # Upgrade else run_path pre-upgrade - run_as 'php /var/www/html/occ upgrade' + occ upgrade - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after @@ -269,10 +268,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # Update htaccess after init if requested if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' + occ maintenance:update:htaccess fi ) 9> /var/www/html/nextcloud-init-sync.lock + # warn if config files on persistent storage differ from the latest version of this image + for cfgPath in /usr/src/nextcloud/config/*.php; do + cfgFile=$(basename "$cfgPath") + + if [ "$cfgFile" != "config.sample.php" ]; then + if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then + echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile" + fi + fi + done + run_path before-starting fi diff --git a/27/fpm-alpine/occ b/27/fpm-alpine/occ new file mode 100755 index 00000000..70b08e7d --- /dev/null +++ b/27/fpm-alpine/occ @@ -0,0 +1,14 @@ +#!/bin/sh +set -eu + +[ -e /var/www/html/occ ] || { echo "Unable to run \`occ\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/occ ] || { echo "Unable to run \`occ\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/occ)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/occ -- "$@"' -- '/bin/sh' "$@" +else + exec php -f /var/www/html/occ -- "$@" +fi diff --git a/27/fpm-alpine/occ-cron b/27/fpm-alpine/occ-cron new file mode 100755 index 00000000..798cc175 --- /dev/null +++ b/27/fpm-alpine/occ-cron @@ -0,0 +1,19 @@ +#!/bin/sh +set -eu + +if [ "$(occ status 2> /dev/null | sed -ne 's/^ - installed: \(.*\)$/\1/p')" != "true" ]; then + echo "Nextcloud is not installed - cronjobs are not available" >&2 + exit 1 +fi + +[ -e /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/cron.php)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ-cron\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/cron.php' -- '/bin/sh' +else + exec php -f /var/www/html/cron.php +fi diff --git a/27/fpm/Dockerfile b/27/fpm/Dockerfile index ade6aaa3..25dcc604 100644 --- a/27/fpm/Dockerfile +++ b/27/fpm/Dockerfile @@ -15,7 +15,7 @@ RUN set -ex; \ rm -rf /var/lib/apt/lists/*; \ \ mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/5 * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -125,7 +125,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 27.1.8 +ENV NEXTCLOUD_VERSION 27.1.11 RUN set -ex; \ fetchDeps=" \ @@ -135,8 +135,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.11.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.11.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ @@ -152,7 +152,8 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ rm -rf /var/lib/apt/lists/* -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/27/fpm/config/redis.config.php b/27/fpm/config/redis.config.php index a5fde3c7..a5b13da6 100644 --- a/27/fpm/config/redis.config.php +++ b/27/fpm/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/27/fpm/config/s3.config.php b/27/fpm/config/s3.config.php index 374cba2d..9941c562 100644 --- a/27/fpm/config/s3.config.php +++ b/27/fpm/config/s3.config.php @@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_KEY_FILE')) { $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); @@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); @@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); diff --git a/27/fpm/config/smtp.config.php b/27/fpm/config/smtp.config.php index 5006fe47..66a2ef7e 100644 --- a/27/fpm/config/smtp.config.php +++ b/27/fpm/config/smtp.config.php @@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + if (getenv('SMTP_PASSWORD_FILE')) { $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); } elseif (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); diff --git a/27/fpm/entrypoint.sh b/27/fpm/entrypoint.sh index 5b627f07..ef80647a 100755 --- a/27/fpm/entrypoint.sh +++ b/27/fpm/entrypoint.sh @@ -11,14 +11,6 @@ directory_empty() { [ -z "$(ls -A "$1/")" ] } -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - # Execute all executable files in a given directory in alphanumeric order run_path() { local hook_folder_path="/docker-entrypoint-hooks.d/$1" @@ -40,7 +32,11 @@ run_path() { echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - run_as "${script_file_path}" || return_code="$?" + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh "${script_file_path}" || return_code="$?" + else + "${script_file_path}" || return_code="$?" + fi if [ "${return_code}" -ne "0" ]; then echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" @@ -163,7 +159,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP exit 1 fi echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi if [ "$(id -u)" = 0 ]; then rsync_options="-rlDog --chown $user:$group" @@ -186,6 +182,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_USER + install=false if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -201,7 +198,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_PASSWORD file_env POSTGRES_USER - install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -225,7 +221,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP echo "Starting nextcloud installation" max_retries=10 try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + until [ "$try" -gt "$max_retries" ] || eval "occ maintenance:install $install_options" do echo "Retrying install..." try=$((try+1)) @@ -240,23 +236,26 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=1 for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN" NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi + fi + fi + # not enough specified to do a fully automated installation + if [ "$install" = false ]; then + echo "Next step: Access your instance to finish the web-based installation!" + echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation." fi # Upgrade else run_path pre-upgrade - run_as 'php /var/www/html/occ upgrade' + occ upgrade - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after @@ -269,10 +268,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # Update htaccess after init if requested if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' + occ maintenance:update:htaccess fi ) 9> /var/www/html/nextcloud-init-sync.lock + # warn if config files on persistent storage differ from the latest version of this image + for cfgPath in /usr/src/nextcloud/config/*.php; do + cfgFile=$(basename "$cfgPath") + + if [ "$cfgFile" != "config.sample.php" ]; then + if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then + echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile" + fi + fi + done + run_path before-starting fi diff --git a/27/fpm/occ b/27/fpm/occ new file mode 100755 index 00000000..70b08e7d --- /dev/null +++ b/27/fpm/occ @@ -0,0 +1,14 @@ +#!/bin/sh +set -eu + +[ -e /var/www/html/occ ] || { echo "Unable to run \`occ\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/occ ] || { echo "Unable to run \`occ\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/occ)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/occ -- "$@"' -- '/bin/sh' "$@" +else + exec php -f /var/www/html/occ -- "$@" +fi diff --git a/27/fpm/occ-cron b/27/fpm/occ-cron new file mode 100755 index 00000000..798cc175 --- /dev/null +++ b/27/fpm/occ-cron @@ -0,0 +1,19 @@ +#!/bin/sh +set -eu + +if [ "$(occ status 2> /dev/null | sed -ne 's/^ - installed: \(.*\)$/\1/p')" != "true" ]; then + echo "Nextcloud is not installed - cronjobs are not available" >&2 + exit 1 +fi + +[ -e /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/cron.php)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ-cron\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/cron.php' -- '/bin/sh' +else + exec php -f /var/www/html/cron.php +fi diff --git a/28/apache/Dockerfile b/28/apache/Dockerfile index 8bd19340..d31bfc2a 100644 --- a/28/apache/Dockerfile +++ b/28/apache/Dockerfile @@ -15,7 +15,7 @@ RUN set -ex; \ rm -rf /var/lib/apt/lists/*; \ \ mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/5 * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -140,7 +140,7 @@ RUN { \ } > /etc/apache2/conf-available/apache-limits.conf; \ a2enconf apache-limits -ENV NEXTCLOUD_VERSION 28.0.4 +ENV NEXTCLOUD_VERSION 28.0.8 RUN set -ex; \ fetchDeps=" \ @@ -150,8 +150,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.8.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.8.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ @@ -167,7 +167,8 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ rm -rf /var/lib/apt/lists/* -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/28/apache/config/redis.config.php b/28/apache/config/redis.config.php index a5fde3c7..a5b13da6 100644 --- a/28/apache/config/redis.config.php +++ b/28/apache/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/28/apache/config/s3.config.php b/28/apache/config/s3.config.php index 374cba2d..9941c562 100644 --- a/28/apache/config/s3.config.php +++ b/28/apache/config/s3.config.php @@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_KEY_FILE')) { $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); @@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); @@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); diff --git a/28/apache/config/smtp.config.php b/28/apache/config/smtp.config.php index 5006fe47..66a2ef7e 100644 --- a/28/apache/config/smtp.config.php +++ b/28/apache/config/smtp.config.php @@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + if (getenv('SMTP_PASSWORD_FILE')) { $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); } elseif (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); diff --git a/28/apache/entrypoint.sh b/28/apache/entrypoint.sh index 5b627f07..ef80647a 100755 --- a/28/apache/entrypoint.sh +++ b/28/apache/entrypoint.sh @@ -11,14 +11,6 @@ directory_empty() { [ -z "$(ls -A "$1/")" ] } -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - # Execute all executable files in a given directory in alphanumeric order run_path() { local hook_folder_path="/docker-entrypoint-hooks.d/$1" @@ -40,7 +32,11 @@ run_path() { echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - run_as "${script_file_path}" || return_code="$?" + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh "${script_file_path}" || return_code="$?" + else + "${script_file_path}" || return_code="$?" + fi if [ "${return_code}" -ne "0" ]; then echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" @@ -163,7 +159,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP exit 1 fi echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi if [ "$(id -u)" = 0 ]; then rsync_options="-rlDog --chown $user:$group" @@ -186,6 +182,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_USER + install=false if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -201,7 +198,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_PASSWORD file_env POSTGRES_USER - install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -225,7 +221,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP echo "Starting nextcloud installation" max_retries=10 try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + until [ "$try" -gt "$max_retries" ] || eval "occ maintenance:install $install_options" do echo "Retrying install..." try=$((try+1)) @@ -240,23 +236,26 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=1 for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN" NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi + fi + fi + # not enough specified to do a fully automated installation + if [ "$install" = false ]; then + echo "Next step: Access your instance to finish the web-based installation!" + echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation." fi # Upgrade else run_path pre-upgrade - run_as 'php /var/www/html/occ upgrade' + occ upgrade - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after @@ -269,10 +268,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # Update htaccess after init if requested if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' + occ maintenance:update:htaccess fi ) 9> /var/www/html/nextcloud-init-sync.lock + # warn if config files on persistent storage differ from the latest version of this image + for cfgPath in /usr/src/nextcloud/config/*.php; do + cfgFile=$(basename "$cfgPath") + + if [ "$cfgFile" != "config.sample.php" ]; then + if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then + echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile" + fi + fi + done + run_path before-starting fi diff --git a/28/apache/occ b/28/apache/occ new file mode 100755 index 00000000..70b08e7d --- /dev/null +++ b/28/apache/occ @@ -0,0 +1,14 @@ +#!/bin/sh +set -eu + +[ -e /var/www/html/occ ] || { echo "Unable to run \`occ\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/occ ] || { echo "Unable to run \`occ\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/occ)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/occ -- "$@"' -- '/bin/sh' "$@" +else + exec php -f /var/www/html/occ -- "$@" +fi diff --git a/28/apache/occ-cron b/28/apache/occ-cron new file mode 100755 index 00000000..798cc175 --- /dev/null +++ b/28/apache/occ-cron @@ -0,0 +1,19 @@ +#!/bin/sh +set -eu + +if [ "$(occ status 2> /dev/null | sed -ne 's/^ - installed: \(.*\)$/\1/p')" != "true" ]; then + echo "Nextcloud is not installed - cronjobs are not available" >&2 + exit 1 +fi + +[ -e /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/cron.php)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ-cron\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/cron.php' -- '/bin/sh' +else + exec php -f /var/www/html/cron.php +fi diff --git a/28/fpm-alpine/Dockerfile b/28/fpm-alpine/Dockerfile index c910afeb..638a2584 100644 --- a/28/fpm-alpine/Dockerfile +++ b/28/fpm-alpine/Dockerfile @@ -1,16 +1,23 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:8.2-fpm-alpine3.19 +FROM php:8.2-fpm-alpine3.20 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ \ apk add --no-cache \ imagemagick \ + imagemagick-pdf \ + imagemagick-jpeg \ + imagemagick-raw \ + imagemagick-tiff \ + imagemagick-heic \ + imagemagick-webp \ + imagemagick-svg \ rsync \ ; \ \ rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/5 * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -113,7 +120,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 28.0.4 +ENV NEXTCLOUD_VERSION 28.0.8 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ @@ -121,8 +128,8 @@ RUN set -ex; \ gnupg \ ; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.8.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.8.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ @@ -136,7 +143,8 @@ RUN set -ex; \ chmod +x /usr/src/nextcloud/occ; \ apk del --no-network .fetch-deps -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/28/fpm-alpine/config/redis.config.php b/28/fpm-alpine/config/redis.config.php index a5fde3c7..a5b13da6 100644 --- a/28/fpm-alpine/config/redis.config.php +++ b/28/fpm-alpine/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/28/fpm-alpine/config/s3.config.php b/28/fpm-alpine/config/s3.config.php index 374cba2d..9941c562 100644 --- a/28/fpm-alpine/config/s3.config.php +++ b/28/fpm-alpine/config/s3.config.php @@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_KEY_FILE')) { $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); @@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); @@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); diff --git a/28/fpm-alpine/config/smtp.config.php b/28/fpm-alpine/config/smtp.config.php index 5006fe47..66a2ef7e 100644 --- a/28/fpm-alpine/config/smtp.config.php +++ b/28/fpm-alpine/config/smtp.config.php @@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + if (getenv('SMTP_PASSWORD_FILE')) { $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); } elseif (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); diff --git a/28/fpm-alpine/entrypoint.sh b/28/fpm-alpine/entrypoint.sh index 5b627f07..ef80647a 100755 --- a/28/fpm-alpine/entrypoint.sh +++ b/28/fpm-alpine/entrypoint.sh @@ -11,14 +11,6 @@ directory_empty() { [ -z "$(ls -A "$1/")" ] } -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - # Execute all executable files in a given directory in alphanumeric order run_path() { local hook_folder_path="/docker-entrypoint-hooks.d/$1" @@ -40,7 +32,11 @@ run_path() { echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - run_as "${script_file_path}" || return_code="$?" + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh "${script_file_path}" || return_code="$?" + else + "${script_file_path}" || return_code="$?" + fi if [ "${return_code}" -ne "0" ]; then echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" @@ -163,7 +159,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP exit 1 fi echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi if [ "$(id -u)" = 0 ]; then rsync_options="-rlDog --chown $user:$group" @@ -186,6 +182,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_USER + install=false if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -201,7 +198,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_PASSWORD file_env POSTGRES_USER - install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -225,7 +221,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP echo "Starting nextcloud installation" max_retries=10 try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + until [ "$try" -gt "$max_retries" ] || eval "occ maintenance:install $install_options" do echo "Retrying install..." try=$((try+1)) @@ -240,23 +236,26 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=1 for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN" NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi + fi + fi + # not enough specified to do a fully automated installation + if [ "$install" = false ]; then + echo "Next step: Access your instance to finish the web-based installation!" + echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation." fi # Upgrade else run_path pre-upgrade - run_as 'php /var/www/html/occ upgrade' + occ upgrade - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after @@ -269,10 +268,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # Update htaccess after init if requested if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' + occ maintenance:update:htaccess fi ) 9> /var/www/html/nextcloud-init-sync.lock + # warn if config files on persistent storage differ from the latest version of this image + for cfgPath in /usr/src/nextcloud/config/*.php; do + cfgFile=$(basename "$cfgPath") + + if [ "$cfgFile" != "config.sample.php" ]; then + if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then + echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile" + fi + fi + done + run_path before-starting fi diff --git a/28/fpm-alpine/occ b/28/fpm-alpine/occ new file mode 100755 index 00000000..70b08e7d --- /dev/null +++ b/28/fpm-alpine/occ @@ -0,0 +1,14 @@ +#!/bin/sh +set -eu + +[ -e /var/www/html/occ ] || { echo "Unable to run \`occ\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/occ ] || { echo "Unable to run \`occ\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/occ)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/occ -- "$@"' -- '/bin/sh' "$@" +else + exec php -f /var/www/html/occ -- "$@" +fi diff --git a/28/fpm-alpine/occ-cron b/28/fpm-alpine/occ-cron new file mode 100755 index 00000000..798cc175 --- /dev/null +++ b/28/fpm-alpine/occ-cron @@ -0,0 +1,19 @@ +#!/bin/sh +set -eu + +if [ "$(occ status 2> /dev/null | sed -ne 's/^ - installed: \(.*\)$/\1/p')" != "true" ]; then + echo "Nextcloud is not installed - cronjobs are not available" >&2 + exit 1 +fi + +[ -e /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/cron.php)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ-cron\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/cron.php' -- '/bin/sh' +else + exec php -f /var/www/html/cron.php +fi diff --git a/28/fpm/Dockerfile b/28/fpm/Dockerfile index ee9f27eb..f443ea82 100644 --- a/28/fpm/Dockerfile +++ b/28/fpm/Dockerfile @@ -15,7 +15,7 @@ RUN set -ex; \ rm -rf /var/lib/apt/lists/*; \ \ mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/5 * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -125,7 +125,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 28.0.4 +ENV NEXTCLOUD_VERSION 28.0.8 RUN set -ex; \ fetchDeps=" \ @@ -135,8 +135,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.8.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.8.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ @@ -152,7 +152,8 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ rm -rf /var/lib/apt/lists/* -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/28/fpm/config/redis.config.php b/28/fpm/config/redis.config.php index a5fde3c7..a5b13da6 100644 --- a/28/fpm/config/redis.config.php +++ b/28/fpm/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/28/fpm/config/s3.config.php b/28/fpm/config/s3.config.php index 374cba2d..9941c562 100644 --- a/28/fpm/config/s3.config.php +++ b/28/fpm/config/s3.config.php @@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_KEY_FILE')) { $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); @@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); @@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); diff --git a/28/fpm/config/smtp.config.php b/28/fpm/config/smtp.config.php index 5006fe47..66a2ef7e 100644 --- a/28/fpm/config/smtp.config.php +++ b/28/fpm/config/smtp.config.php @@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + if (getenv('SMTP_PASSWORD_FILE')) { $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); } elseif (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); diff --git a/28/fpm/entrypoint.sh b/28/fpm/entrypoint.sh index 5b627f07..ef80647a 100755 --- a/28/fpm/entrypoint.sh +++ b/28/fpm/entrypoint.sh @@ -11,14 +11,6 @@ directory_empty() { [ -z "$(ls -A "$1/")" ] } -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - # Execute all executable files in a given directory in alphanumeric order run_path() { local hook_folder_path="/docker-entrypoint-hooks.d/$1" @@ -40,7 +32,11 @@ run_path() { echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - run_as "${script_file_path}" || return_code="$?" + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh "${script_file_path}" || return_code="$?" + else + "${script_file_path}" || return_code="$?" + fi if [ "${return_code}" -ne "0" ]; then echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" @@ -163,7 +159,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP exit 1 fi echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi if [ "$(id -u)" = 0 ]; then rsync_options="-rlDog --chown $user:$group" @@ -186,6 +182,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_USER + install=false if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -201,7 +198,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_PASSWORD file_env POSTGRES_USER - install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -225,7 +221,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP echo "Starting nextcloud installation" max_retries=10 try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + until [ "$try" -gt "$max_retries" ] || eval "occ maintenance:install $install_options" do echo "Retrying install..." try=$((try+1)) @@ -240,23 +236,26 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=1 for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN" NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi + fi + fi + # not enough specified to do a fully automated installation + if [ "$install" = false ]; then + echo "Next step: Access your instance to finish the web-based installation!" + echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation." fi # Upgrade else run_path pre-upgrade - run_as 'php /var/www/html/occ upgrade' + occ upgrade - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after @@ -269,10 +268,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # Update htaccess after init if requested if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' + occ maintenance:update:htaccess fi ) 9> /var/www/html/nextcloud-init-sync.lock + # warn if config files on persistent storage differ from the latest version of this image + for cfgPath in /usr/src/nextcloud/config/*.php; do + cfgFile=$(basename "$cfgPath") + + if [ "$cfgFile" != "config.sample.php" ]; then + if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then + echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile" + fi + fi + done + run_path before-starting fi diff --git a/28/fpm/occ b/28/fpm/occ new file mode 100755 index 00000000..70b08e7d --- /dev/null +++ b/28/fpm/occ @@ -0,0 +1,14 @@ +#!/bin/sh +set -eu + +[ -e /var/www/html/occ ] || { echo "Unable to run \`occ\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/occ ] || { echo "Unable to run \`occ\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/occ)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/occ -- "$@"' -- '/bin/sh' "$@" +else + exec php -f /var/www/html/occ -- "$@" +fi diff --git a/28/fpm/occ-cron b/28/fpm/occ-cron new file mode 100755 index 00000000..798cc175 --- /dev/null +++ b/28/fpm/occ-cron @@ -0,0 +1,19 @@ +#!/bin/sh +set -eu + +if [ "$(occ status 2> /dev/null | sed -ne 's/^ - installed: \(.*\)$/\1/p')" != "true" ]; then + echo "Nextcloud is not installed - cronjobs are not available" >&2 + exit 1 +fi + +[ -e /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/cron.php)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ-cron\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/cron.php' -- '/bin/sh' +else + exec php -f /var/www/html/cron.php +fi diff --git a/29/apache/Dockerfile b/29/apache/Dockerfile index eb44e77c..8b9dc15f 100644 --- a/29/apache/Dockerfile +++ b/29/apache/Dockerfile @@ -15,7 +15,7 @@ RUN set -ex; \ rm -rf /var/lib/apt/lists/*; \ \ mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/5 * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -140,7 +140,7 @@ RUN { \ } > /etc/apache2/conf-available/apache-limits.conf; \ a2enconf apache-limits -ENV NEXTCLOUD_VERSION 29.0.0 +ENV NEXTCLOUD_VERSION 29.0.4 RUN set -ex; \ fetchDeps=" \ @@ -150,8 +150,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.0.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.0.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.4.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.4.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ @@ -167,7 +167,8 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ rm -rf /var/lib/apt/lists/* -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/29/apache/config/redis.config.php b/29/apache/config/redis.config.php index a5fde3c7..a5b13da6 100644 --- a/29/apache/config/redis.config.php +++ b/29/apache/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/29/apache/config/s3.config.php b/29/apache/config/s3.config.php index 374cba2d..9941c562 100644 --- a/29/apache/config/s3.config.php +++ b/29/apache/config/s3.config.php @@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_KEY_FILE')) { $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); @@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); @@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); diff --git a/29/apache/config/smtp.config.php b/29/apache/config/smtp.config.php index 5006fe47..66a2ef7e 100644 --- a/29/apache/config/smtp.config.php +++ b/29/apache/config/smtp.config.php @@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + if (getenv('SMTP_PASSWORD_FILE')) { $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); } elseif (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); diff --git a/29/apache/entrypoint.sh b/29/apache/entrypoint.sh index 5b627f07..ef80647a 100755 --- a/29/apache/entrypoint.sh +++ b/29/apache/entrypoint.sh @@ -11,14 +11,6 @@ directory_empty() { [ -z "$(ls -A "$1/")" ] } -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - # Execute all executable files in a given directory in alphanumeric order run_path() { local hook_folder_path="/docker-entrypoint-hooks.d/$1" @@ -40,7 +32,11 @@ run_path() { echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - run_as "${script_file_path}" || return_code="$?" + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh "${script_file_path}" || return_code="$?" + else + "${script_file_path}" || return_code="$?" + fi if [ "${return_code}" -ne "0" ]; then echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" @@ -163,7 +159,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP exit 1 fi echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi if [ "$(id -u)" = 0 ]; then rsync_options="-rlDog --chown $user:$group" @@ -186,6 +182,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_USER + install=false if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -201,7 +198,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_PASSWORD file_env POSTGRES_USER - install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -225,7 +221,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP echo "Starting nextcloud installation" max_retries=10 try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + until [ "$try" -gt "$max_retries" ] || eval "occ maintenance:install $install_options" do echo "Retrying install..." try=$((try+1)) @@ -240,23 +236,26 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=1 for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN" NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi + fi + fi + # not enough specified to do a fully automated installation + if [ "$install" = false ]; then + echo "Next step: Access your instance to finish the web-based installation!" + echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation." fi # Upgrade else run_path pre-upgrade - run_as 'php /var/www/html/occ upgrade' + occ upgrade - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after @@ -269,10 +268,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # Update htaccess after init if requested if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' + occ maintenance:update:htaccess fi ) 9> /var/www/html/nextcloud-init-sync.lock + # warn if config files on persistent storage differ from the latest version of this image + for cfgPath in /usr/src/nextcloud/config/*.php; do + cfgFile=$(basename "$cfgPath") + + if [ "$cfgFile" != "config.sample.php" ]; then + if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then + echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile" + fi + fi + done + run_path before-starting fi diff --git a/29/apache/occ b/29/apache/occ new file mode 100755 index 00000000..70b08e7d --- /dev/null +++ b/29/apache/occ @@ -0,0 +1,14 @@ +#!/bin/sh +set -eu + +[ -e /var/www/html/occ ] || { echo "Unable to run \`occ\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/occ ] || { echo "Unable to run \`occ\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/occ)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/occ -- "$@"' -- '/bin/sh' "$@" +else + exec php -f /var/www/html/occ -- "$@" +fi diff --git a/29/apache/occ-cron b/29/apache/occ-cron new file mode 100755 index 00000000..798cc175 --- /dev/null +++ b/29/apache/occ-cron @@ -0,0 +1,19 @@ +#!/bin/sh +set -eu + +if [ "$(occ status 2> /dev/null | sed -ne 's/^ - installed: \(.*\)$/\1/p')" != "true" ]; then + echo "Nextcloud is not installed - cronjobs are not available" >&2 + exit 1 +fi + +[ -e /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/cron.php)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ-cron\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/cron.php' -- '/bin/sh' +else + exec php -f /var/www/html/cron.php +fi diff --git a/29/fpm-alpine/Dockerfile b/29/fpm-alpine/Dockerfile index 76a42bf1..d43b71fc 100644 --- a/29/fpm-alpine/Dockerfile +++ b/29/fpm-alpine/Dockerfile @@ -1,16 +1,23 @@ # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template -FROM php:8.2-fpm-alpine3.19 +FROM php:8.2-fpm-alpine3.20 # entrypoint.sh and cron.sh dependencies RUN set -ex; \ \ apk add --no-cache \ imagemagick \ + imagemagick-pdf \ + imagemagick-jpeg \ + imagemagick-raw \ + imagemagick-tiff \ + imagemagick-heic \ + imagemagick-webp \ + imagemagick-svg \ rsync \ ; \ \ rm /var/spool/cron/crontabs/root; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/5 * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -113,7 +120,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 29.0.0 +ENV NEXTCLOUD_VERSION 29.0.4 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ @@ -121,8 +128,8 @@ RUN set -ex; \ gnupg \ ; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.0.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.0.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.4.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.4.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ @@ -136,7 +143,8 @@ RUN set -ex; \ chmod +x /usr/src/nextcloud/occ; \ apk del --no-network .fetch-deps -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/29/fpm-alpine/config/redis.config.php b/29/fpm-alpine/config/redis.config.php index a5fde3c7..a5b13da6 100644 --- a/29/fpm-alpine/config/redis.config.php +++ b/29/fpm-alpine/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/29/fpm-alpine/config/s3.config.php b/29/fpm-alpine/config/s3.config.php index 374cba2d..9941c562 100644 --- a/29/fpm-alpine/config/s3.config.php +++ b/29/fpm-alpine/config/s3.config.php @@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_KEY_FILE')) { $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); @@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); @@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); diff --git a/29/fpm-alpine/config/smtp.config.php b/29/fpm-alpine/config/smtp.config.php index 5006fe47..66a2ef7e 100644 --- a/29/fpm-alpine/config/smtp.config.php +++ b/29/fpm-alpine/config/smtp.config.php @@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + if (getenv('SMTP_PASSWORD_FILE')) { $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); } elseif (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); diff --git a/29/fpm-alpine/entrypoint.sh b/29/fpm-alpine/entrypoint.sh index 5b627f07..ef80647a 100755 --- a/29/fpm-alpine/entrypoint.sh +++ b/29/fpm-alpine/entrypoint.sh @@ -11,14 +11,6 @@ directory_empty() { [ -z "$(ls -A "$1/")" ] } -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - # Execute all executable files in a given directory in alphanumeric order run_path() { local hook_folder_path="/docker-entrypoint-hooks.d/$1" @@ -40,7 +32,11 @@ run_path() { echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - run_as "${script_file_path}" || return_code="$?" + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh "${script_file_path}" || return_code="$?" + else + "${script_file_path}" || return_code="$?" + fi if [ "${return_code}" -ne "0" ]; then echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" @@ -163,7 +159,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP exit 1 fi echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi if [ "$(id -u)" = 0 ]; then rsync_options="-rlDog --chown $user:$group" @@ -186,6 +182,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_USER + install=false if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -201,7 +198,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_PASSWORD file_env POSTGRES_USER - install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -225,7 +221,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP echo "Starting nextcloud installation" max_retries=10 try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + until [ "$try" -gt "$max_retries" ] || eval "occ maintenance:install $install_options" do echo "Retrying install..." try=$((try+1)) @@ -240,23 +236,26 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=1 for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN" NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi + fi + fi + # not enough specified to do a fully automated installation + if [ "$install" = false ]; then + echo "Next step: Access your instance to finish the web-based installation!" + echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation." fi # Upgrade else run_path pre-upgrade - run_as 'php /var/www/html/occ upgrade' + occ upgrade - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after @@ -269,10 +268,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # Update htaccess after init if requested if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' + occ maintenance:update:htaccess fi ) 9> /var/www/html/nextcloud-init-sync.lock + # warn if config files on persistent storage differ from the latest version of this image + for cfgPath in /usr/src/nextcloud/config/*.php; do + cfgFile=$(basename "$cfgPath") + + if [ "$cfgFile" != "config.sample.php" ]; then + if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then + echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile" + fi + fi + done + run_path before-starting fi diff --git a/29/fpm-alpine/occ b/29/fpm-alpine/occ new file mode 100755 index 00000000..70b08e7d --- /dev/null +++ b/29/fpm-alpine/occ @@ -0,0 +1,14 @@ +#!/bin/sh +set -eu + +[ -e /var/www/html/occ ] || { echo "Unable to run \`occ\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/occ ] || { echo "Unable to run \`occ\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/occ)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/occ -- "$@"' -- '/bin/sh' "$@" +else + exec php -f /var/www/html/occ -- "$@" +fi diff --git a/29/fpm-alpine/occ-cron b/29/fpm-alpine/occ-cron new file mode 100755 index 00000000..798cc175 --- /dev/null +++ b/29/fpm-alpine/occ-cron @@ -0,0 +1,19 @@ +#!/bin/sh +set -eu + +if [ "$(occ status 2> /dev/null | sed -ne 's/^ - installed: \(.*\)$/\1/p')" != "true" ]; then + echo "Nextcloud is not installed - cronjobs are not available" >&2 + exit 1 +fi + +[ -e /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/cron.php)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ-cron\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/cron.php' -- '/bin/sh' +else + exec php -f /var/www/html/cron.php +fi diff --git a/29/fpm/Dockerfile b/29/fpm/Dockerfile index 6127a79b..2fabf3ee 100644 --- a/29/fpm/Dockerfile +++ b/29/fpm/Dockerfile @@ -15,7 +15,7 @@ RUN set -ex; \ rm -rf /var/lib/apt/lists/*; \ \ mkdir -p /var/spool/cron/crontabs; \ - echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/5 * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -125,7 +125,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 29.0.0 +ENV NEXTCLOUD_VERSION 29.0.4 RUN set -ex; \ fetchDeps=" \ @@ -135,8 +135,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.0.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.0.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.4.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.4.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ @@ -152,7 +152,8 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ rm -rf /var/lib/apt/lists/* -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/29/fpm/config/redis.config.php b/29/fpm/config/redis.config.php index a5fde3c7..a5b13da6 100644 --- a/29/fpm/config/redis.config.php +++ b/29/fpm/config/redis.config.php @@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) { 'memcache.locking' => '\OC\Memcache\Redis', 'redis' => array( 'host' => getenv('REDIS_HOST'), - 'password' => (string) getenv('REDIS_HOST_PASSWORD'), + 'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'), ), ); diff --git a/29/fpm/config/s3.config.php b/29/fpm/config/s3.config.php index 374cba2d..9941c562 100644 --- a/29/fpm/config/s3.config.php +++ b/29/fpm/config/s3.config.php @@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ); - if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_KEY_FILE')) { $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_KEY')) { $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY'); @@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['key'] = ''; } - if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) { + if (getenv('OBJECTSTORE_S3_SECRET_FILE')) { $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SECRET')) { $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET'); @@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['secret'] = ''; } - if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) { + if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))); } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY'); diff --git a/29/fpm/config/smtp.config.php b/29/fpm/config/smtp.config.php index 5006fe47..66a2ef7e 100644 --- a/29/fpm/config/smtp.config.php +++ b/29/fpm/config/smtp.config.php @@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) 'mail_smtphost' => getenv('SMTP_HOST'), 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', - 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))), + 'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')), 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', 'mail_smtpname' => getenv('SMTP_NAME') ?: '', 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), 'mail_domain' => getenv('MAIL_DOMAIN'), ); - if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) { + if (getenv('SMTP_PASSWORD_FILE')) { $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE'))); } elseif (getenv('SMTP_PASSWORD')) { $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD'); diff --git a/29/fpm/entrypoint.sh b/29/fpm/entrypoint.sh index 5b627f07..ef80647a 100755 --- a/29/fpm/entrypoint.sh +++ b/29/fpm/entrypoint.sh @@ -11,14 +11,6 @@ directory_empty() { [ -z "$(ls -A "$1/")" ] } -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - # Execute all executable files in a given directory in alphanumeric order run_path() { local hook_folder_path="/docker-entrypoint-hooks.d/$1" @@ -40,7 +32,11 @@ run_path() { echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - run_as "${script_file_path}" || return_code="$?" + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh "${script_file_path}" || return_code="$?" + else + "${script_file_path}" || return_code="$?" + fi if [ "${return_code}" -ne "0" ]; then echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" @@ -163,7 +159,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP exit 1 fi echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi if [ "$(id -u)" = 0 ]; then rsync_options="-rlDog --chown $user:$group" @@ -186,6 +182,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_USER + install=false if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -201,7 +198,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_PASSWORD file_env POSTGRES_USER - install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -225,7 +221,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP echo "Starting nextcloud installation" max_retries=10 try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + until [ "$try" -gt "$max_retries" ] || eval "occ maintenance:install $install_options" do echo "Retrying install..." try=$((try+1)) @@ -240,23 +236,26 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=1 for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN" NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi + fi + fi + # not enough specified to do a fully automated installation + if [ "$install" = false ]; then + echo "Next step: Access your instance to finish the web-based installation!" + echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation." fi # Upgrade else run_path pre-upgrade - run_as 'php /var/www/html/occ upgrade' + occ upgrade - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after @@ -269,10 +268,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # Update htaccess after init if requested if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' + occ maintenance:update:htaccess fi ) 9> /var/www/html/nextcloud-init-sync.lock + # warn if config files on persistent storage differ from the latest version of this image + for cfgPath in /usr/src/nextcloud/config/*.php; do + cfgFile=$(basename "$cfgPath") + + if [ "$cfgFile" != "config.sample.php" ]; then + if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then + echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile" + fi + fi + done + run_path before-starting fi diff --git a/29/fpm/occ b/29/fpm/occ new file mode 100755 index 00000000..70b08e7d --- /dev/null +++ b/29/fpm/occ @@ -0,0 +1,14 @@ +#!/bin/sh +set -eu + +[ -e /var/www/html/occ ] || { echo "Unable to run \`occ\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/occ ] || { echo "Unable to run \`occ\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/occ)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/occ -- "$@"' -- '/bin/sh' "$@" +else + exec php -f /var/www/html/occ -- "$@" +fi diff --git a/29/fpm/occ-cron b/29/fpm/occ-cron new file mode 100755 index 00000000..798cc175 --- /dev/null +++ b/29/fpm/occ-cron @@ -0,0 +1,19 @@ +#!/bin/sh +set -eu + +if [ "$(occ status 2> /dev/null | sed -ne 's/^ - installed: \(.*\)$/\1/p')" != "true" ]; then + echo "Nextcloud is not installed - cronjobs are not available" >&2 + exit 1 +fi + +[ -e /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/cron.php)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ-cron\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/cron.php' -- '/bin/sh' +else + exec php -f /var/www/html/cron.php +fi diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 4553997a..b474b76b 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -5,11 +5,18 @@ RUN set -ex; \ \ apk add --no-cache \ imagemagick \ + imagemagick-pdf \ + imagemagick-jpeg \ + imagemagick-raw \ + imagemagick-tiff \ + imagemagick-heic \ + imagemagick-webp \ + imagemagick-svg \ rsync \ ; \ \ rm /var/spool/cron/crontabs/root; \ - echo '*/%%CRONTAB_INT%% * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/%%CRONTAB_INT%% * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -135,7 +142,8 @@ RUN set -ex; \ chmod +x /usr/src/nextcloud/occ; \ apk del --no-network .fetch-deps -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 8b66dd34..65487f26 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -14,7 +14,7 @@ RUN set -ex; \ rm -rf /var/lib/apt/lists/*; \ \ mkdir -p /var/spool/cron/crontabs; \ - echo '*/%%CRONTAB_INT%% * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data + echo '*/%%CRONTAB_INT%% * * * * occ-cron' > /var/spool/cron/crontabs/www-data # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html @@ -151,7 +151,8 @@ RUN set -ex; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ rm -rf /var/lib/apt/lists/* -COPY *.sh upgrade.exclude / +COPY entrypoint.sh cron.sh upgrade.exclude / +COPY occ occ-cron /usr/local/bin/ COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] diff --git a/README.md b/README.md index c73bbebf..8760ee37 100644 --- a/README.md +++ b/README.md @@ -105,13 +105,13 @@ If mounting additional volumes under `/var/www/html`, you should consider: ## Using the Nextcloud command-line interface -To use the [Nextcloud command-line interface](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html) (aka. `occ` command): +To use the [Nextcloud command-line interface](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html) (aka. `occ` command), you can use a simple wrapper script provided by the Nextcloud image dealing with permissions: ```console -$ docker exec --user www-data CONTAINER_ID php occ +$ docker exec CONTAINER_ID occ ``` or for docker-compose: ```console -$ docker-compose exec --user www-data app php occ +$ docker-compose exec app occ ``` ## Auto configuration via environment variables @@ -163,7 +163,7 @@ If you want to use Redis you have to create a separate [Redis](https://hub.docke The use of Redis is recommended to prevent file locking problems. See the examples for further instructions. -To use an external SMTP server, you have to provide the connection details. To configure Nextcloud to use SMTP add: +To use an external SMTP server, you have to provide the connection details. Note that if you configure these values via Docker, you should **not** use the Nexcloud Web UI to configure external SMTP server parameters. Conversely, if you prefer to use the Web UI, do **not** set these variables here (because these variables will override whatever you attempt to set in the Web UI for these parameters). To configure Nextcloud to use SMTP add: - `SMTP_HOST` (not set by default): The hostname of the SMTP server. - `SMTP_SECURE` (empty by default): Set to `ssl` to use SSL, or `tls` to use STARTTLS. @@ -217,6 +217,18 @@ To customize Apache max file upload limit you can change the following variable: - `APACHE_BODY_LIMIT` (default `1073741824` [1GiB]) This restricts the total size of the HTTP request body sent from the client. It specifies the number of _bytes_ that are allowed in a request body. A value of **0** means **unlimited**. Check the [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html#apache) for more information. +### Auto configuration and Nextcloud updates +The image comes with special config files for Nextcloud that set parameters specific to containerized usage (e.g. `upgrade-disable-web.config.php`) or enable auto configuration via environment variables (e.g. `reverse-proxy.config.php`). Within the image, the latest version of these config files are located in `/usr/src/nextcloud/config`. + +During a fresh Nextcloud installation, the latest version (from the image) of these files are copied into `/var/www/html/config` so that they are stored within your container's persistent volume and picked up by Nextcloud alongside your local configuration. + +The copied files, however, are **not** automatically overwritten whenever you update your environment with a newer Nextcloud image. This is to prevent local changes in `/var/www/html/config` from being unexpectedly overwritten. This may lead to your image-specific configuration files becoming outdated and image functionality not matching that which is documented. + +A warning will be generated in the container log output when outdated image-specific configuration files are detected at startup in a running container. When you see this warning, you should manually compare (or copy) the files from `/usr/src/nextcloud/config` to `/var/www/html/config`. + +As long as you have not modified any of the provided config files in `/var/www/html/config` (other than `config.php`) or only added new ones with names that do not conflict with the image specific ones, copying the new ones into place should be safe (but check the source path `/usr/src/nextcloud/config` for any newly named config files to avoid new overlaps just in case). + +Not keeping these files up-to-date when this warning appears may cause certain auto configuration environment variables to be ignored or the image to not work as documented or expected. ## Auto configuration via hook folders @@ -602,5 +614,12 @@ You're already using Nextcloud and want to switch to docker? Great! Here are som docker-compose exec app chown -R www-data:www-data /var/www/html/custom_apps ``` -# Questions / Issues -If you got any questions or problems using the image, please visit our [Github Repository](https://github.com/nextcloud/docker) and write an issue. +# Help (Questions / Issues) + +**If you have any questions or problems while using the image, please ask for assistance on the Help Forum first (https://help.nextcloud.com)**. + +Also, most Nextcloud Server matters are covered in the [Nextcloud Admin Manual](https://docs.nextcloud.com/server/latest/admin_manual/) which is routinely updated. + +If you believe you've found a bug (or have an enhancement idea) in the image itself, please [search for already reported bugs and enhancement ideas](https://github.com/nextcloud/docker/issues). If there is an existing open issue, you can either add to the discussion there or upvote to indicate you're impacted by (or interested in) the same issue. If you believe you've found a new bug, please create a new Issue so that others can try to reproduce it and remediation can be tracked. + +Thanks for helping to make the Nextcloud community maintained micro-services image better! diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 5b627f07..ef80647a 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -11,14 +11,6 @@ directory_empty() { [ -z "$(ls -A "$1/")" ] } -run_as() { - if [ "$(id -u)" = 0 ]; then - su -p "$user" -s /bin/sh -c "$1" - else - sh -c "$1" - fi -} - # Execute all executable files in a given directory in alphanumeric order run_path() { local hook_folder_path="/docker-entrypoint-hooks.d/$1" @@ -40,7 +32,11 @@ run_path() { echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\"" - run_as "${script_file_path}" || return_code="$?" + if [ "$(id -u)" = 0 ]; then + su -p "$user" -s /bin/sh "${script_file_path}" || return_code="$?" + else + "${script_file_path}" || return_code="$?" + fi if [ "${return_code}" -ne "0" ]; then echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}" @@ -163,7 +159,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP exit 1 fi echo "Upgrading nextcloud from $installed_version ..." - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before fi if [ "$(id -u)" = 0 ]; then rsync_options="-rlDog --chown $user:$group" @@ -186,6 +182,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env NEXTCLOUD_ADMIN_PASSWORD file_env NEXTCLOUD_ADMIN_USER + install=false if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -201,7 +198,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_PASSWORD file_env POSTGRES_USER - install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -225,7 +221,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP echo "Starting nextcloud installation" max_retries=10 try=0 - until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ] + until [ "$try" -gt "$max_retries" ] || eval "occ maintenance:install $install_options" do echo "Retrying install..." try=$((try+1)) @@ -240,23 +236,26 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP NC_TRUSTED_DOMAIN_IDX=1 for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN" + occ config:system:set trusted_domains "$NC_TRUSTED_DOMAIN_IDX" --value="$DOMAIN" NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1)) done fi run_path post-installation - else - echo "Please run the web-based installer on first connect!" - fi + fi + fi + # not enough specified to do a fully automated installation + if [ "$install" = false ]; then + echo "Next step: Access your instance to finish the web-based installation!" + echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation." fi # Upgrade else run_path pre-upgrade - run_as 'php /var/www/html/occ upgrade' + occ upgrade - run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after + occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after echo "The following apps have been disabled:" diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after @@ -269,10 +268,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP # Update htaccess after init if requested if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then - run_as 'php /var/www/html/occ maintenance:update:htaccess' + occ maintenance:update:htaccess fi ) 9> /var/www/html/nextcloud-init-sync.lock + # warn if config files on persistent storage differ from the latest version of this image + for cfgPath in /usr/src/nextcloud/config/*.php; do + cfgFile=$(basename "$cfgPath") + + if [ "$cfgFile" != "config.sample.php" ]; then + if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then + echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile" + fi + fi + done + run_path before-starting fi diff --git a/docker-occ-cron.sh b/docker-occ-cron.sh new file mode 100755 index 00000000..798cc175 --- /dev/null +++ b/docker-occ-cron.sh @@ -0,0 +1,19 @@ +#!/bin/sh +set -eu + +if [ "$(occ status 2> /dev/null | sed -ne 's/^ - installed: \(.*\)$/\1/p')" != "true" ]; then + echo "Nextcloud is not installed - cronjobs are not available" >&2 + exit 1 +fi + +[ -e /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/cron.php ] || { echo "Unable to run \`occ-cron\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/cron.php)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ-cron\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/cron.php' -- '/bin/sh' +else + exec php -f /var/www/html/cron.php +fi diff --git a/docker-occ.sh b/docker-occ.sh new file mode 100755 index 00000000..70b08e7d --- /dev/null +++ b/docker-occ.sh @@ -0,0 +1,14 @@ +#!/bin/sh +set -eu + +[ -e /var/www/html/occ ] || { echo "Unable to run \`occ\`: No such file or directory" >&2 ; exit 1 ; } +[ -f /var/www/html/occ ] || { echo "Unable to run \`occ\`: Not a file" >&2 ; exit 1 ; } + +RUN_AS="$(stat -c %U /var/www/html/occ)" +[ -n "$RUN_AS" ] && [ "$RUN_AS" != "UNKNOWN" ] || { echo "Unable to run \`occ\`: Failed to determine www-data user" >&2 ; exit 1 ; } + +if [ "$(id -u)" = 0 ]; then + exec su -p "$RUN_AS" -s /bin/sh -c 'exec php -f /var/www/html/occ -- "$@"' -- '/bin/sh' "$@" +else + exec php -f /var/www/html/occ -- "$@" +fi diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index b0bad02f..8eaaea3b 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -Eeuo pipefail -stable_channel='28.0.4' +stable_channel='29.0.4' self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" diff --git a/latest.txt b/latest.txt index f1e4903d..fad4b91c 100644 --- a/latest.txt +++ b/latest.txt @@ -1 +1 @@ -29.0.0 +29.0.4 diff --git a/update.sh b/update.sh index bea95729..c2852200 100755 --- a/update.sh +++ b/update.sh @@ -2,7 +2,7 @@ set -eo pipefail declare -A alpine_version=( - [default]='3.19' + [default]='3.20' ) declare -A debian_version=( @@ -84,7 +84,7 @@ variants=( fpm-alpine ) -min_version='26' +min_version='27' # version_greater_or_equal A B returns whether A >= B function version_greater_or_equal() { @@ -128,9 +128,10 @@ function create_variant() { ' "$dir/Dockerfile" # Copy the shell scripts - for name in entrypoint cron; do - cp "docker-$name.sh" "$dir/$name.sh" - done + cp "docker-entrypoint.sh" "$dir/entrypoint.sh" + cp "docker-cron.sh" "$dir/cron.sh" + cp "docker-occ.sh" "$dir/occ" + cp "docker-occ-cron.sh" "$dir/occ-cron" # Copy the upgrade.exclude cp upgrade.exclude "$dir/" diff --git a/versions.json b/versions.json index 752a7b07..7174afbd 100644 --- a/versions.json +++ b/versions.json @@ -1,9 +1,9 @@ { "29": { "branch": "29", - "version": "29.0.0", - "url": "https://download.nextcloud.com/server/releases/nextcloud-29.0.0.tar.bz2", - "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-29.0.0.tar.bz2.asc", + "version": "29.0.4", + "url": "https://download.nextcloud.com/server/releases/nextcloud-29.0.4.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-29.0.4.tar.bz2.asc", "variants": { "apache": { "variant": "apache", @@ -20,16 +20,16 @@ "fpm-alpine": { "variant": "fpm-alpine", "base": "alpine", - "baseVersion": "3.19", + "baseVersion": "3.20", "phpVersion": "8.2" } } }, "28": { "branch": "28", - "version": "28.0.4", - "url": "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2", - "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-28.0.4.tar.bz2.asc", + "version": "28.0.8", + "url": "https://download.nextcloud.com/server/releases/nextcloud-28.0.8.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-28.0.8.tar.bz2.asc", "variants": { "apache": { "variant": "apache", @@ -46,16 +46,16 @@ "fpm-alpine": { "variant": "fpm-alpine", "base": "alpine", - "baseVersion": "3.19", + "baseVersion": "3.20", "phpVersion": "8.2" } } }, "27": { "branch": "27", - "version": "27.1.8", - "url": "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2", - "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-27.1.8.tar.bz2.asc", + "version": "27.1.11", + "url": "https://download.nextcloud.com/server/releases/nextcloud-27.1.11.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-27.1.11.tar.bz2.asc", "variants": { "apache": { "variant": "apache", @@ -72,33 +72,7 @@ "fpm-alpine": { "variant": "fpm-alpine", "base": "alpine", - "baseVersion": "3.19", - "phpVersion": "8.2" - } - } - }, - "26": { - "branch": "26", - "version": "26.0.13", - "url": "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2", - "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-26.0.13.tar.bz2.asc", - "variants": { - "apache": { - "variant": "apache", - "base": "debian", - "baseVersion": "bookworm", - "phpVersion": "8.2" - }, - "fpm": { - "variant": "fpm", - "base": "debian", - "baseVersion": "bookworm", - "phpVersion": "8.2" - }, - "fpm-alpine": { - "variant": "fpm-alpine", - "base": "alpine", - "baseVersion": "3.19", + "baseVersion": "3.20", "phpVersion": "8.2" } }