it's time

Wonderfall 2021-05-20 20:03:04 +02:00
parent 479cf37fbf
commit 2bbaace1cd
2 changed files with 96 additions and 9 deletions

@ -1,9 +1,9 @@
# -------------- Build-time variables -------------- # -------------- Build-time variables --------------
ARG NEXTCLOUD_VERSION=21.0.1 ARG NEXTCLOUD_VERSION=21.0.2
ARG ALPINE_VERSION=3.13 ARG ALPINE_VERSION=3.13
ARG PHP_VERSION=8.0.3 ARG PHP_VERSION=8.0.6
ARG NGINX_VERSION=1.19.10 ARG NGINX_VERSION=1.20.0
ARG APCU_VERSION=5.1.20 ARG APCU_VERSION=5.1.20
ARG REDIS_VERSION=5.3.4 ARG REDIS_VERSION=5.3.4
ARG HARDENED_MALLOC_VERSION=7 ARG HARDENED_MALLOC_VERSION=7
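
Review bot: Version bumps and a README rewrite are mixed in one commit whose message ("it's time") names neither. In this `ARG` block, `NEXTCLOUD_VERSION`, `PHP_VERSION` and `NGINX_VERSION` all change at once, so reverting one component later means reverting the documentation change too. Suggest a separate commit for the bumps, with the old and new versions listed in the message.
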
@ -112,12 +112,12 @@ RUN apk --no-cache add \
&& wget -q https://nextcloud.com/nextcloud.asc \ && wget -q https://nextcloud.com/nextcloud.asc \
&& echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \ && echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \
&& CHECKSUM_STATE=$(echo -n $(sha512sum -c ${NEXTCLOUD_TARBALL}.sha512) | tail -c 2) \ && CHECKSUM_STATE=$(echo -n $(sha512sum -c ${NEXTCLOUD_TARBALL}.sha512) | tail -c 2) \
&& if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \ && if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Error: checksum does not match" && exit 1; fi \
&& gpg --import nextcloud.asc \ && gpg --import nextcloud.asc \
&& FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \ && FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ && if [ -z "${FINGERPRINT}" ]; then echo "Error: invalid GPG signature!" && exit 1; fi \
&& if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ && if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Error: wrong GPG fingerprint" && exit 1; fi \
&& echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \ && echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \
&& mkdir /nextcloud && tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \ && mkdir /nextcloud && tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \
&& apk del gnupg && rm -rf /tmp/* /root/.gnupg \ && apk del gnupg && rm -rf /tmp/* /root/.gnupg \
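
Review bot: The rewording from "Warning!" to "Error:" is applied unevenly: the signature line still reads `echo "Error: invalid GPG signature!"` with the exclamation mark, while the checksum and fingerprint messages dropped it. All three messages are also written to stdout just before `exit 1`; redirecting them with `>&2` would keep failures visible when build output is filtered. On the unchanged `CHECKSUM_STATE` line, `sha512sum -c` already exits non-zero on a mismatch, so placing it directly in the `&&` chain would fail the build without parsing the last two characters of its output through `tail -c 2`.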

@ -1,12 +1,99 @@
# wonderfall/nextcloud # wonderfall/nextcloud
*The self-hosted productivity platform that keeps you in control.*
New version of my Nextcloud image, still in testing: Nextcloud [official website](https://nextcloud.com/) and [source code](https://github.com/nextcloud).
## Why this image?
This non-official image is intended as an **all-in-one** (as in monolithic) Nextcloud **production** image. If you're not sure you want this image, you should probably use [the official image](https://hub.docker.com/r/nextcloud).
## Security
Don't run random images from random dudes on the Internet. Ideally, you want to maintain and build it yourself.
Images are scanned every day by [Trivy](https://github.com/aquasecurity/trivy) for OS vulnerabilities. They are rebuilt once a week, so you should often update your images regardless of your Nextcloud version.
## Features
- Fetching PHP/nginx from their official images. - Fetching PHP/nginx from their official images.
- Does not use any privilege at any time, even at startup. - Does not use any privilege at any time, even at startup.
- Much easier to maintain thanks to multi-stages build. - Much easier to maintain thanks to multi-stages build.
- Includes hardened_malloc, a hardened memory allocator. - Includes hardened_malloc, a hardened memory allocator.
- Does not include imagick, samba, etc. by default. - Does not include imagick, samba, etc. by default.
Goals: simple, lean, and secure. ## Tags
- `latest` : latest Nextcloud version
- `x` : latest Nextcloud x.x (e.g. `21`)
- `x.x.x` : Nextcloud x.x.x (e.g. `21.0.2`)
Be aware this image is not ready yet for production use. While it might work, please note a fresh install from the previous image is recommended. If you intend to migrate, please back up your data. You can always have a glance [here](https://github.com/users/Wonderfall/packages/container/package/nextcloud).
Only the **latest stable version** will be maintained by myself.
## Build-time variables
| Variable | Description |
| --------------------------- | -------------------------- |
| **NEXTCLOUD_VERSION** | version of Nextcloud |
| **ALPINE_VERSION** | version of Alpine Linux |
| **PHP_VERSION** | version of PHP |
| **NGINX_VERSION** | version of nginx |
| **APCU_VERSION** | version of APCu (php ext) |
| **REDIS_VERSION** | version of redis (php ext) |
| **HARDENED_MALLOC_VERSION** | version of hardened_malloc |
| **UID** | user id (default: 1000) |
| **GID** | group id (default: 1000) |
For convenience they were put at the very of the Dockerfile and their usage should be quite explicit if you intend to build this image yourself.
## Environment variables (Dockerfile)
| Variable | Description | Default |
| ------------------------- | --------------------------- | ------------------ |
| **UPLOAD_MAX_SIZE** | file upload maximum size | 10G |
| **APC_SHM_SIZE** | apc shared memory size | 128M |
| **MEMORY_LIMIT** | max php command mem usage | 512M |
| **CRON_PERIOD** | cron time interval (min.) | 5m |
| **CRON_MEMORY_LIMIT** | cron max memory usage | 1G |
| **DB_TYPE** | sqlite3, mysql, pgsql | sqlite3 |
| **DOMAIN** | host domain | localhost |
Leave them at default if you're not sure what you're doing.
## Environment variables (used by setup.sh)
| Variable | Description |
| ------------------------- | --------------------------- |
| **ADMIN_USER** | admin username |
| **ADMIN_PASSWORD** | admin password |
| **DB_TYPE** | sqlit3, mysql, pgsql |
| **DB_NAME** | name of the database |
| **DB_USER** | name of the database user |
| **DB_PASSWORD** | password of the db user |
| **DB_HOST** | database host |
`ADMIN_USER` and `ADMIN_PASSWORD` are optional and mainly for niche purposes. Obviously, avoid clear text passwords. Once `setup.sh` has run for the first time, these variables can be removed. You should then edit `/nextcloud/config/config.php` directly if you want to change something in your configuration.
## Volumes
| Variable | Description |
| ------------------------- | -------------------------- |
| **/data** | data files |
| **/nextcloud/config** | config files |
| **/nextcloud/apps2** | 3rd-party apps |
| **/nextcloud/themes** | custom themes |
## Ports
| Port | Use |
| ------------------------- | -------------------------- |
| **8888** | Nextcloud web |
A reverse proxy like Traefik/Caddy should be used.
## Migration from the legacy image
From now on you'll need to make sure all volumes have proper permissions. The default UID/GID is now 1000, so you'll need to build the image yourself if you want to change that, or you can just change the actual permissions of the volumes using `chown -R 1000:1000`. The flexibility provided by the legacy image came at some cost (performance & security), therefore this feature won't be provided anymore.
Other changes that should be reflected in your configuration files:
- `/config` volume is now `/nextcloud/config`
- `/apps2` volume is now `/nextcloud/apps2`
- `ghcr.io/wonderfall/mastodon` is the new image location
You should edit your `docker-compose.yml` and `config.php` accordingly.
## Get started
*To do.*
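
Review bot: The migration list names the wrong image: `ghcr.io/wonderfall/mastodon` is given as the new location in a Nextcloud README, while the Tags section links to the `nextcloud` container package, so this looks like a copy-paste leftover that would send users to a different image. Two smaller fixes in the same hunk: the `setup.sh` table spells the `DB_TYPE` value `sqlit3` where the Dockerfile table has `sqlite3`, and "they were put at the very of the Dockerfile" is missing a word. The `setup.sh` section says to avoid clear text passwords for `ADMIN_PASSWORD` and `DB_PASSWORD` but does not say what to use instead; a sentence naming the supported alternative would make that advice actionable.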