hoellen/docker-nextcloud
1
0
Fork 0
mirror of https://github.com/hoellen/docker-nextcloud.git synced 2026-06-01 22:10:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hoellen/docker-nextcloud:c0066eecfdabf11f858d814021def786ac0bfce0
Branches Tags
hoellen/docker-nextcloud:master hoellen/docker-nextcloud:version-32 hoellen/docker-nextcloud:version-31 hoellen/docker-nextcloud:version-30 hoellen/docker-nextcloud:version-29 hoellen/docker-nextcloud:version-28 hoellen/docker-nextcloud:version-27 hoellen/docker-nextcloud:version-26 hoellen/docker-nextcloud:version-25 hoellen/docker-nextcloud:version-24 hoellen/docker-nextcloud:version-23 hoellen/docker-nextcloud:version-22
...
compare: hoellen/docker-nextcloud:master
Branches Tags
hoellen/docker-nextcloud:master hoellen/docker-nextcloud:version-32 hoellen/docker-nextcloud:version-31 hoellen/docker-nextcloud:version-30 hoellen/docker-nextcloud:version-29 hoellen/docker-nextcloud:version-28 hoellen/docker-nextcloud:version-27 hoellen/docker-nextcloud:version-26 hoellen/docker-nextcloud:version-25 hoellen/docker-nextcloud:version-24 hoellen/docker-nextcloud:version-23 hoellen/docker-nextcloud:version-22

7 Commits
c0066eecfd ... master

Author SHA1 Message Date
hoellen a441bbddf4 feat: listen on IPv6 address 2026-05-01 00:32:49 +02:00
hoellen 936b72737d fix: cicd race condition 2026-04-30 23:41:21 +02:00
hoellen debf69d30c chore: update nginx config with upstream documentation 2026-04-30 23:41:17 +02:00
hoellen 0be740bcae chore: cleanup option removed from old PHP version 2026-04-30 22:45:24 +02:00
hoellen 2e11f73a89 chore: update README 2026-04-30 22:45:24 +02:00
hoellen f607c77556 chore: update cicd packages 2026-04-30 22:45:19 +02:00
Jan Wagner 2bf6716730 chore: update Nextcloud to 33.0.3 2026-04-30 21:48:32 +02:00
6 changed files with 44 additions and 54 deletions
Expand all files Collapse all files
.github/workflows/build.yml
+9 -11
View File
@@ -8,7 +8,7 @@ on:
- version-* - version-*
schedule: schedule:
# Build the image regularly (each Friday) # Build the image regularly (each Friday)
- cron: '23 04 * * 5' - cron: "23 04 * * 5"
env: env:
REGISTRY: ghcr.io REGISTRY: ghcr.io
@@ -25,7 +25,7 @@ jobs:
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v6
- name: Extract version for tags - name: Extract version for tags
run: | run: |
@@ -37,16 +37,14 @@ jobs:
- name: Install cosign - name: Install cosign
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@main uses: sigstore/cosign-installer@v4.1.1
with:
cosign-release: 'v2.2.2'
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@v4
- name: Login to registry - name: Login to registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/login-action@v1 uses: docker/login-action@v4
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
@@ -54,7 +52,7 @@ jobs:
- name: Set Docker metadata - name: Set Docker metadata
id: meta id: meta
uses: docker/metadata-action@v3 uses: docker/metadata-action@v6
with: with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: | tags: |
@@ -64,7 +62,7 @@ jobs:
- name: Build and export Docker image to Docker - name: Build and export Docker image to Docker
id: build id: build
uses: docker/build-push-action@v2 uses: docker/build-push-action@v7
with: with:
load: true load: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing
@@ -74,13 +72,13 @@ jobs:
id: test id: test
run: | run: |
docker run -d -p 8888:8888 --name nextcloud --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing && \ docker run -d -p 8888:8888 --name nextcloud --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing && \
docker exec nextcloud occ status && \ sleep 5 && docker exec nextcloud occ status && \
nc -z localhost 8888 nc -z localhost 8888
- name: Push Docker image - name: Push Docker image
id: push id: push
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/build-push-action@v2 uses: docker/build-push-action@v7
with: with:
context: . context: .
push: true push: true
.github/workflows/scan.yml
+10 -10
View File
@@ -3,7 +3,7 @@ name: scan
on: on:
schedule: schedule:
# Scan the image regularly (once a day) # Scan the image regularly (once a day)
- cron: '45 03 * * *' - cron: "45 03 * * *"
jobs: jobs:
build: build:
@@ -11,19 +11,19 @@ jobs:
runs-on: "ubuntu-24.04" runs-on: "ubuntu-24.04"
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v6
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@v0.36.0
with: with:
image-ref: 'ghcr.io/${{ github.actor }}/nextcloud' image-ref: "ghcr.io/${{ github.actor }}/nextcloud"
format: 'template' format: "template"
template: '@/contrib/sarif.tpl' template: "@/contrib/sarif.tpl"
output: 'trivy-results.sarif' output: "trivy-results.sarif"
severity: 'CRITICAL,HIGH' severity: "CRITICAL,HIGH"
vuln-type: "os" vuln-type: "os"
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: "trivy-results.sarif"
Dockerfile
+3 -3
View File
@@ -1,5 +1,5 @@
# -------------- Build-time variables -------------- # -------------- Build-time variables --------------
ARG NEXTCLOUD_VERSION=33.0.2 ARG NEXTCLOUD_VERSION=33.0.3
ARG PHP_VERSION=8.4 ARG PHP_VERSION=8.4
ARG NGINX_VERSION=1.28 ARG NGINX_VERSION=1.28
@@ -10,8 +10,8 @@ ARG SNUFFLEUPAGUS_VERSION=0.13.0
ARG UID=1000 ARG UID=1000
ARG GID=1000 ARG GID=1000
# nextcloud-33.0.2.tar.bz2 # nextcloud-33.0.3.tar.bz2
ARG SHA256_SUM="91257ab5002d5d09da8d09d80389983330351c5c00a7e3a25b177bcea81171cc" ARG SHA256_SUM="5c1052f860b35aa56b24bc2613a6bea0c22313b9fbd02bb0247c1f0b9dbf77d2"
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A) # Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
README.md
+1 -1
View File
@@ -35,7 +35,7 @@ ___
- Includes **Snuffleupagus**, [a PHP security module](https://github.com/jvoisin/snuffleupagus). - Includes **Snuffleupagus**, [a PHP security module](https://github.com/jvoisin/snuffleupagus).
- Includes a simple **built-in cron** system. - Includes a simple **built-in cron** system.
- Much easier to maintain thanks to multi-stages build. - Much easier to maintain thanks to multi-stages build.
- Does not include imagick, samba, etc. by default. - Includes imagick and smbclient for extended file handling and SMB/CIFS support.
You're free to make your own image based on this one if you want a specific feature. Uncommon features won't be included as they can increase attack surface: this image intends to stay **minimal**, but **functional enough** to cover basic needs. You're free to make your own image based on this one if you want a specific feature. Uncommon features won't be included as they can increase attack surface: this image intends to stay **minimal**, but **functional enough** to cover basic needs.
rootfs/etc/nginx/conf.d/default.conf
+21 -28
View File
@@ -1,27 +1,21 @@
map $http_x_forwarded_port $nc_port {
default "$http_x_forwarded_port";
'' "$server_port";
}
map $http_x_forwarded_proto $nc_proto {
default "$http_x_forwarded_proto";
'' "$scheme";
}
server { server {
listen 8888; listen 8888;
listen [::]:8888;
root /nextcloud; root /nextcloud;
# Emit relative redirects (protocol handled by reverse proxy)
absolute_redirect off;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
fastcgi_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By;
large_client_header_buffers 4 16k; large_client_header_buffers 4 16k;
client_body_timeout 300s;
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always; add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "0" always;
location = /robots.txt { location = /robots.txt {
allow all; allow all;
@@ -30,14 +24,18 @@ server {
} }
location ^~ /.well-known { location ^~ /.well-known {
location = /.well-known/carddav { return 301 $nc_proto://$host/remote.php/dav/; } location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 $nc_proto://$host/remote.php/dav/; } location = /.well-known/caldav { return 301 /remote.php/dav/; }
location ^~ /.well-known { return 301 $nc_proto://$host/index.php$uri; }
try_files $uri $uri/ =404; return 301 /index.php$request_uri;
} }
location / { location / {
rewrite ^ /index.php$uri; rewrite ^ /index.php$request_uri;
}
location /remote {
return 301 /remote.php$request_uri;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) {
@@ -48,9 +46,9 @@ server {
return 404; return 404;
} }
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) { location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy)\.php(?:$|\/) {
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
@@ -61,25 +59,20 @@ server {
fastcgi_read_timeout 1200; fastcgi_read_timeout 1200;
} }
location ~ ^\/(?:updater|ocs-provider)(?:$|\/) { location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|jpeg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
try_files $uri /index.php$uri$is_args$args; try_files $uri /index.php$request_uri;
expires 6M; expires 6M;
access_log off; access_log off;
} }
location ~ \.(otf|woff2)?$ { location ~ \.(otf|woff2?)$ {
try_files $uri /index.php$uri$is_args$args; try_files $uri /index.php$request_uri;
expires 7d; expires 7d;
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
} }
rootfs/usr/local/etc/php/conf.d/docker-php-ext-opcache.ini
-1
View File
@@ -1,7 +1,6 @@
zend_extension=opcache.so zend_extension=opcache.so
opcache.enable=1 opcache.enable=1
opcache.enable_cli=1 opcache.enable_cli=1
opcache.fast_shutdown=1
opcache.memory_consumption=<OPCACHE_MEM_SIZE> opcache.memory_consumption=<OPCACHE_MEM_SIZE>
opcache.interned_strings_buffer=16 opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000 opcache.max_accelerated_files=10000