61 Commits
Author SHA1 Message Date
Jan Wagnerandhoellen ad9b205ff4 chore: update Nextcloud to 33.0.6 2026-06-26 09:15:57 +02:00
Jan Wagnerandhoellen 3f05f0ac9e chore: update Nextcloud to 33.0.5 2026-06-03 05:47:35 +02:00
hoellen a441bbddf4 feat: listen on IPv6 address 2026-05-01 00:32:49 +02:00
hoellen 936b72737d fix: cicd race condition 2026-04-30 23:41:21 +02:00
hoellen debf69d30c chore: update nginx config with upstream documentation 2026-04-30 23:41:17 +02:00
hoellen 0be740bcae chore: cleanup option removed from old PHP version 2026-04-30 22:45:24 +02:00
hoellen 2e11f73a89 chore: update README 2026-04-30 22:45:24 +02:00
hoellen f607c77556 chore: update cicd packages 2026-04-30 22:45:19 +02:00
Jan Wagnerandhoellen 2bf6716730 chore: update Nextcloud to 33.0.3 2026-04-30 21:48:32 +02:00
Jan Wagnerandhoellen c0066eecfd chore: update Nextcloud to 33.0.2 2026-04-02 12:05:53 +02:00
Jan Wagnerandhoellen 9479b60887 chore: update Nextcloud to 33.0.1 2026-03-26 22:57:15 +01:00
hoellen 27e084b9c0 fix: git clone / docker build 2026-03-04 16:45:07 +01:00
hoellen 2af3f5c9a0 fix: branch/tag naming conflict for hardened malloc 2026-02-23 16:34:20 +01:00
wajaandGitHub b6ffac045a chore: update version in README.md and SECURITY.md 2026-02-18 19:27:48 +01:00
hoellenandhoellen 0348170b5e chore: update Nextcloud to version 33, update dependencies
- update Nextcloud to version 33.0.0
  - update Alpine Linux to 3.23
  - update PHP to 8.4
  - update hardened_malloc to branch 16
  - change verification of hardened_malloc to SSH signature instead of gpg
  - update Snuffleupagus to 0.13.0
2026-02-18 16:18:44 +01:00
Jan Wagnerandhoellen dab8d10667 chore: update Nextcloud to 32.0.6 2026-02-12 17:09:54 +01:00
Jan Wagnerandhoellen be6afd88f9 chore: update Nextcloud to 32.0.5 2026-01-16 22:29:05 +01:00
hoellen fef4cd4a28 fix: add missing colon in SECURITY.md 2025-12-11 14:18:12 +01:00
Jan Wagnerandhoellen 4a46899d8c chore: update Nextcloud to 32.0.3 2025-12-11 14:15:31 +01:00
Jan Wagnerandhoellen 9c8f6c8edb chore: update Nextcloud to 32.0.2 2025-11-20 19:44:15 +01:00
Jan Wagnerandhoellen 69000e35c3 chore: update Nextcloud to 32.0.1 2025-10-23 23:02:10 +02:00
wajaandGitHub aae170a54d chore: update latest and supported versions in README 2025-10-08 10:46:43 +02:00
wajaandGitHub 0205f7afeb feat: add CI image test 2025-10-07 22:27:07 +02:00
DingozandGitHub db1eaf50ed fix: add mp4 and webm to nginx config 2025-10-06 15:59:34 +02:00
Jan Wagnerandhoellen d16bcc9a32 chore: update Nextcloud to 32.0.0 2025-09-27 20:50:23 +02:00
Jan Wagnerandhoellen 0c6f92a628 chore: update Nextcloud to 31.0.9 2025-09-15 12:59:43 +02:00
hoellen b4b8e7f154 chore: update nginx version to 1.28 2025-08-18 10:12:45 +02:00
hoellen fd021043c4 chore: update Nextcloud to 31.0.8 2025-08-18 10:00:06 +02:00
Jan Wagnerandhoellen f623065f7a chore: update Nextcloud to 31.0.7 2025-07-10 22:13:42 +02:00
Jan Wagnerandhoellen a277e11505 chore: update Nextcloud to 31.0.6 2025-06-12 10:41:10 +02:00
Jan Wagnerandhoellen 42b36e3c9b chore: update Nextcloud to 31.0.5 2025-05-16 09:16:24 +02:00
wajaandGitHub 51b19a1236 chore: revert imagick installation to pecl
3.8.0 was released and should include the fix:
https://pecl.php.net/package/imagick/3.8.0

ref: https://github.com/hoellen/docker-nextcloud/pull/103
2025-04-28 18:52:47 +02:00
wajaandGitHub 4270518e02 chore: fixing Docker build checks
* Fixing FromAsCasing
(See https://docs.docker.com/reference/build-checks/from-as-casing/)

* Fixing LegacyKeyValueFormat
(See https://docs.docker.com/reference/build-checks/legacy-key-value-format/)
2025-04-25 11:02:07 +02:00
wajaandGitHub 78e4175f7f chore: update supported Nextcloud versions 2025-04-25 10:58:36 +02:00
Jan Wagnerandhoellen 46828aed43 chore: update Nextcloud to 31.0.4 2025-04-25 10:55:30 +02:00
Jan Wagnerandhoellen 19dc754372 CI: Fix unsupported runner, use ubuntu-24.04 2025-04-18 16:50:36 +02:00
Jan Wagnerandhoellen 54e9f1feda chore: update Nextcloud to 31.0.3 2025-04-14 10:23:29 +02:00
wajaandGitHub 2892342326 chore: update Nextcloud to 31.0.2 2025-03-19 22:16:43 +01:00
wajaandGitHub a15384e7e5 chore: update Nextcloud to 31.0.1 2025-03-14 09:28:14 +01:00
hoellen 5d5b8ebc1a chore: update Nextcloud to 31.0.0 2025-02-25 14:12:11 +01:00
hoellen 921eec5693 chore: update Nextcloud to 30.0.6 2025-02-13 15:45:41 +01:00
wajaandGitHub 1b0c1fb747 chore: update Nextcloud to 30.0.5 2025-01-21 22:15:49 +01:00
wajaandGitHub a7ade2cbc4 fix: pin Imagick version to fix build error (#102)
Related: #102, #103
2024-12-18 13:32:50 +01:00
hoellen 3451a6219a fix: wrong path because of usr-merge 2024-12-13 15:10:06 +01:00
Jan Wagnerandhoellen 16acf58089 chore: update Nextcloud to 30.0.4 2024-12-13 11:18:34 +01:00
wajaandGitHub ae0277a368 chore: raise Alpine Linux version to 3.21
Release notes: https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.21.0
2024-12-13 11:18:06 +01:00
Jan Wagnerandhoellen aeea888ef9 Raise PHP version to 8.3
(Closes: #94)
2024-12-08 13:37:56 +01:00
hoellen ae5b0cfd0c chore: update Nextcloud to version 30.0.3 2024-12-06 03:31:04 +01:00
hoellen ee9d26963c chore: update Nextcloud to version 30.0.2 2024-11-07 19:40:18 +01:00
hoellen a5538adb2f fix: add otf loading in nginx config 2024-10-18 12:03:06 +02:00
Jan Wagnerandhoellen ee98f35852 chore: update Nextcloud to 30.0.1 2024-10-18 12:02:34 +02:00
wajaandGitHub 2ceb05c146 chore: update Nextcloud to 30.0.0 2024-09-14 19:52:28 +02:00
Jan Wagnerandhoellen ee2760237f chore: update Nextcloud to 29.0.7 2024-09-13 05:38:50 +02:00
Jan Wagnerandhoellen 6aa67c63b5 chore: update Nextcloud to 29.0.5 2024-08-21 10:03:37 +02:00
wajaandGitHub a0442ed1de chore: adding trailing slash
see https://docs.nextcloud.com/server/29/admin_manual/installation/nginx.html
2024-08-21 10:02:39 +02:00
hoellen 74e06ec86d chore: update Nextcloud to 29.0.4 2024-07-20 11:06:42 +02:00
Jan Wagnerandhoellen ce390fc654 chore: update Nextcloud to 29.0.3 2024-06-25 15:03:57 +02:00
Jan Wagnerandhoellen 6facdfba4f chore: update Nextcloud to 29.0.2 2024-06-07 00:26:54 +02:00
Jan Wagnerandhoellen 60954e1ad7 chore: update Nextcloud to 29.0.1 2024-05-23 23:07:46 +02:00
Jan Wagnerandhoellen 539f41e25e chore: update Alpine to 3.20 2024-05-23 23:07:46 +02:00
hoellen fa3fe52dd2 chore: update Nextcloud to 29.0.0 2024-04-24 17:39:44 +02:00
8 changed files with 92 additions and 79 deletions
+27 -13
View File
@@ -8,7 +8,7 @@ on:
- version-* - version-*
schedule: schedule:
# Build the image regularly (each Friday) # Build the image regularly (each Friday)
- cron: '23 04 * * 5' - cron: "23 04 * * 5"
env: env:
REGISTRY: ghcr.io REGISTRY: ghcr.io
@@ -25,7 +25,7 @@ jobs:
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v6
- name: Extract version for tags - name: Extract version for tags
run: | run: |
@@ -37,16 +37,14 @@ jobs:
- name: Install cosign - name: Install cosign
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@main uses: sigstore/cosign-installer@v4.1.1
with:
cosign-release: 'v2.2.2'
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@v4
- name: Login to registry - name: Login to registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/login-action@v1 uses: docker/login-action@v4
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
@@ -54,7 +52,7 @@ jobs:
- name: Set Docker metadata - name: Set Docker metadata
id: meta id: meta
uses: docker/metadata-action@v3 uses: docker/metadata-action@v6
with: with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: | tags: |
@@ -62,12 +60,28 @@ jobs:
${{ env.FULL_VERSION }} ${{ env.FULL_VERSION }}
${{ env.MAJOR_VERSION }} ${{ env.MAJOR_VERSION }}
- name: Build and push Docker image - name: Build and export Docker image to Docker
id: build-and-push id: build
uses: docker/build-push-action@v2 uses: docker/build-push-action@v7
with:
load: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing
context: .
- name: Test Docker image
id: test
run: |
docker run -d -p 8888:8888 --name nextcloud --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing && \
sleep 5 && docker exec nextcloud occ status && \
nc -z localhost 8888
- name: Push Docker image
id: push
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v7
with: with:
context: . context: .
push: ${{ github.event_name != 'pull_request' }} push: true
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
@@ -75,4 +89,4 @@ jobs:
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
env: env:
COSIGN_EXPERIMENTAL: "true" COSIGN_EXPERIMENTAL: "true"
run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }} run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
+11 -11
View File
@@ -3,27 +3,27 @@ name: scan
on: on:
schedule: schedule:
# Scan the image regularly (once a day) # Scan the image regularly (once a day)
- cron: '45 03 * * *' - cron: "45 03 * * *"
jobs: jobs:
build: build:
name: Scan current image & report results name: Scan current image & report results
runs-on: "ubuntu-20.04" runs-on: "ubuntu-24.04"
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v6
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@v0.36.0
with: with:
image-ref: 'ghcr.io/${{ github.actor }}/nextcloud' image-ref: "ghcr.io/${{ github.actor }}/nextcloud"
format: 'template' format: "template"
template: '@/contrib/sarif.tpl' template: "@/contrib/sarif.tpl"
output: 'trivy-results.sarif' output: "trivy-results.sarif"
severity: 'CRITICAL,HIGH' severity: "CRITICAL,HIGH"
vuln-type: "os" vuln-type: "os"
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: "trivy-results.sarif"
+17 -16
View File
@@ -1,24 +1,24 @@
# -------------- Build-time variables -------------- # -------------- Build-time variables --------------
ARG NEXTCLOUD_VERSION=28.0.6 ARG NEXTCLOUD_VERSION=33.0.6
ARG PHP_VERSION=8.2 ARG PHP_VERSION=8.4
ARG NGINX_VERSION=1.26 ARG NGINX_VERSION=1.28
ARG ALPINE_VERSION=3.20 ARG ALPINE_VERSION=3.23
ARG HARDENED_MALLOC_VERSION=11 ARG HARDENED_MALLOC_VERSION=14
ARG SNUFFLEUPAGUS_VERSION=0.10.0 ARG SNUFFLEUPAGUS_VERSION=0.13.0
ARG UID=1000 ARG UID=1000
ARG GID=1000 ARG GID=1000
# nextcloud-28.0.6.tar.bz2 # nextcloud-33.0.6.tar.bz2
ARG SHA256_SUM="df0d3384b447cba1e128f22080f6780521f868169beabee8ea0d155bf9c66b8f" ARG SHA256_SUM="791821a55029944de04319cfcafcac4ae8e7ef56b4cd1efc2631bf30b79d16de"
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A) # Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
# --------------------------------------------------- # ---------------------------------------------------
### Build PHP base ### Build PHP base
FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} as base FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} AS base
ARG SNUFFLEUPAGUS_VERSION ARG SNUFFLEUPAGUS_VERSION
@@ -85,25 +85,26 @@ RUN apk -U upgrade \
### Build Hardened Malloc ### Build Hardened Malloc
ARG ALPINE_VERSION ARG ALPINE_VERSION
FROM docker.io/library/alpine:${ALPINE_VERSION} as build-malloc FROM docker.io/library/alpine:${ALPINE_VERSION} AS build-malloc
ARG HARDENED_MALLOC_VERSION ARG HARDENED_MALLOC_VERSION
ARG CONFIG_NATIVE=false ARG CONFIG_NATIVE=false
ARG VARIANT=light ARG VARIANT=light
RUN apk --no-cache add build-base git gnupg && cd /tmp \ RUN apk --no-cache add build-base git openssh && cd /tmp \
&& wget -q https://github.com/thestinger.gpg && gpg --import thestinger.gpg \ && wget -q -O - https://github.com/thestinger.keys | while read -r key; do echo "thestinger@github.com $key"; done > allowed_signers \
&& git clone --depth 1 --branch ${HARDENED_MALLOC_VERSION} https://github.com/GrapheneOS/hardened_malloc \ && git config --global gpg.ssh.allowedSignersFile /tmp/allowed_signers && git init hardened_malloc && cd hardened_malloc \
&& cd hardened_malloc && git verify-tag $(git describe --tags) \ && git fetch --depth 1 https://github.com/GrapheneOS/hardened_malloc tag ${HARDENED_MALLOC_VERSION} \
&& git checkout FETCH_HEAD && git verify-tag $(git describe --tags) \
&& make CONFIG_NATIVE=${CONFIG_NATIVE} VARIANT=${VARIANT} && make CONFIG_NATIVE=${CONFIG_NATIVE} VARIANT=${VARIANT}
### Fetch nginx ### Fetch nginx
FROM docker.io/library/nginx:${NGINX_VERSION}-alpine as nginx FROM docker.io/library/nginx:${NGINX_VERSION}-alpine${ALPINE_VERSION} AS nginx
### Build Nextcloud (production environemnt) ### Build Nextcloud (production environemnt)
FROM base as nextcloud FROM base AS nextcloud
COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx
COPY --from=nginx /etc/nginx /etc/nginx COPY --from=nginx /etc/nginx /etc/nginx
+3 -3
View File
@@ -35,7 +35,7 @@ ___
- Includes **Snuffleupagus**, [a PHP security module](https://github.com/jvoisin/snuffleupagus). - Includes **Snuffleupagus**, [a PHP security module](https://github.com/jvoisin/snuffleupagus).
- Includes a simple **built-in cron** system. - Includes a simple **built-in cron** system.
- Much easier to maintain thanks to multi-stages build. - Much easier to maintain thanks to multi-stages build.
- Does not include imagick, samba, etc. by default. - Includes imagick and smbclient for extended file handling and SMB/CIFS support.
You're free to make your own image based on this one if you want a specific feature. Uncommon features won't be included as they can increase attack surface: this image intends to stay **minimal**, but **functional enough** to cover basic needs. You're free to make your own image based on this one if you want a specific feature. Uncommon features won't be included as they can increase attack surface: this image intends to stay **minimal**, but **functional enough** to cover basic needs.
@@ -58,8 +58,8 @@ Verifying the signature isn't a requirement, and might not be as seamless as usi
## Tags ## Tags
- `latest` : latest Nextcloud version - `latest` : latest Nextcloud version
- `x` : latest Nextcloud x.x (e.g. `28`) - `x` : latest Nextcloud x.x (e.g. `33`)
- `x.x.x` : Nextcloud x.x.x (e.g. `28.0.0`) - `x.x.x` : Nextcloud x.x.x (e.g. `33.0.0`)
You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud). You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud).
Only the **latest stable version** will be maintained by myself. Only the **latest stable version** will be maintained by myself.
+11 -5
View File
@@ -5,10 +5,15 @@
All versions of the Nextcloud community version which still receive updates will be supported All versions of the Nextcloud community version which still receive updates will be supported
and will receive the minor version updates and security patches. and will receive the minor version updates and security patches.
| Version | Supported | | Version | Supported |
| ------- | ------------------ | | ------- | ----------------------------- |
| 28. x | :white_check_mark: | | 33. x | :white_check_mark: |
| 27. x | :white_check_mark: | | 32. x | :white_check_mark: |
| 31. x | :negative_squared_cross_mark: |
| 30. x | :negative_squared_cross_mark: |
| 29. x | :negative_squared_cross_mark: |
| 28. x | :negative_squared_cross_mark: |
| 27. x | :negative_squared_cross_mark: |
| 26. x | :negative_squared_cross_mark: | | 26. x | :negative_squared_cross_mark: |
| 25. x | :negative_squared_cross_mark: | | 25. x | :negative_squared_cross_mark: |
| 24. x | :negative_squared_cross_mark: | | 24. x | :negative_squared_cross_mark: |
@@ -24,9 +29,10 @@ Uploaded images are regularly scanned for [OS vulnerabilities](https://github.co
## Reporting a vulnerability ## Reporting a vulnerability
*Upstream* vulnerabilities should be reported to *upstream* projects according to their own security policies. _Upstream_ vulnerabilities should be reported to _upstream_ projects according to their own security policies.
Regarding vulnerabilities specific to this project: Regarding vulnerabilities specific to this project:
- Faulty configuration files - Faulty configuration files
- Unsafe defaults - Unsafe defaults
- Dependencies security updates - Dependencies security updates
+21 -28
View File
@@ -1,27 +1,21 @@
map $http_x_forwarded_port $nc_port {
default "$http_x_forwarded_port";
'' "$server_port";
}
map $http_x_forwarded_proto $nc_proto {
default "$http_x_forwarded_proto";
'' "$scheme";
}
server { server {
listen 8888; listen 8888;
listen [::]:8888;
root /nextcloud; root /nextcloud;
# Emit relative redirects (protocol handled by reverse proxy)
absolute_redirect off;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
fastcgi_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By;
large_client_header_buffers 4 16k; large_client_header_buffers 4 16k;
client_body_timeout 300s;
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always; add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "0" always;
location = /robots.txt { location = /robots.txt {
allow all; allow all;
@@ -30,14 +24,18 @@ server {
} }
location ^~ /.well-known { location ^~ /.well-known {
location = /.well-known/carddav { return 301 $nc_proto://$host/remote.php/dav; } location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 $nc_proto://$host/remote.php/dav; } location = /.well-known/caldav { return 301 /remote.php/dav/; }
location ^~ /.well-known { return 301 $nc_proto://$host/index.php$uri; }
try_files $uri $uri/ =404; return 301 /index.php$request_uri;
} }
location / { location / {
rewrite ^ /index.php$uri; rewrite ^ /index.php$request_uri;
}
location /remote {
return 301 /remote.php$request_uri;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) {
@@ -48,9 +46,9 @@ server {
return 404; return 404;
} }
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) { location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy)\.php(?:$|\/) {
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
@@ -61,25 +59,20 @@ server {
fastcgi_read_timeout 1200; fastcgi_read_timeout 1200;
} }
location ~ ^\/(?:updater|ocs-provider)(?:$|\/) { location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|jpeg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
try_files $uri /index.php$uri$is_args$args; try_files $uri /index.php$request_uri;
expires 6M; expires 6M;
access_log off; access_log off;
} }
location ~ \.woff2?$ { location ~ \.(otf|woff2?)$ {
try_files $uri /index.php$uri$is_args$args; try_files $uri /index.php$request_uri;
expires 7d; expires 7d;
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
} }
+1 -1
View File
@@ -34,4 +34,4 @@ else
fi fi
# Run processes # Run processes
exec /bin/s6-svscan /etc/s6.d exec /usr/bin/s6-svscan /etc/s6.d
@@ -1,7 +1,6 @@
zend_extension=opcache.so zend_extension=opcache.so
opcache.enable=1 opcache.enable=1
opcache.enable_cli=1 opcache.enable_cli=1
opcache.fast_shutdown=1
opcache.memory_consumption=<OPCACHE_MEM_SIZE> opcache.memory_consumption=<OPCACHE_MEM_SIZE>
opcache.interned_strings_buffer=16 opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000 opcache.max_accelerated_files=10000