hoellen/docker-nextcloud
1
0
Fork 0
mirror of https://github.com/hoellen/docker-nextcloud.git synced 2026-01-17 12:28:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hoellen:master
Branches Tags
hoellen:master hoellen:version-31 hoellen:version-30 hoellen:version-29 hoellen:version-28 hoellen:version-27 hoellen:version-26 hoellen:version-25 hoellen:version-24 hoellen:version-23 hoellen:version-22
..
compare: hoellen:ab3bdd0e4372ffd85ef2bc1fdb9d09a4178a30c7
Branches Tags
hoellen:version-31 hoellen:master hoellen:version-30 hoellen:version-29 hoellen:version-28 hoellen:version-27 hoellen:version-26 hoellen:version-25 hoellen:version-24 hoellen:version-23 hoellen:version-22

1 Commits
master ... ab3bdd0e43

Author SHA1 Message Date
Jan Wagner
ab3bdd0e43 chore: update Nextcloud to 28.0.5 2024-04-26 05:48:53 +02:00
7 changed files with 28 additions and 49 deletions
Expand all files Collapse all files

24
.github/workflows/build.yml vendored
View File

@@ -62,28 +62,12 @@ jobs:
${{ env.FULL_VERSION }} ${{ env.FULL_VERSION }}
${{ env.MAJOR_VERSION }} ${{ env.MAJOR_VERSION }}
- name: Build and export Docker image to Docker - name: Build and push Docker image
id: build id: build-and-push
uses: docker/build-push-action@v2
with:
load: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing
context: .
- name: Test Docker image
id: test
run: |
docker run -d -p 8888:8888 --name nextcloud --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing && \
docker exec nextcloud occ status && \
nc -z localhost 8888
- name: Push Docker image
id: push
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v2 uses: docker/build-push-action@v2
with: with:
context: . context: .
push: true push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
@@ -91,4 +75,4 @@ jobs:
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
env: env:
COSIGN_EXPERIMENTAL: "true" COSIGN_EXPERIMENTAL: "true"
run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }} run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}

2
.github/workflows/scan.yml vendored
View File

@@ -8,7 +8,7 @@ on:
jobs: jobs:
build: build:
name: Scan current image & report results name: Scan current image & report results
runs-on: "ubuntu-24.04" runs-on: "ubuntu-20.04"
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v2

20
Dockerfile
View File

@@ -1,24 +1,24 @@
# -------------- Build-time variables -------------- # -------------- Build-time variables --------------
ARG NEXTCLOUD_VERSION=32.0.5 ARG NEXTCLOUD_VERSION=28.0.5
ARG PHP_VERSION=8.3 ARG PHP_VERSION=8.2
ARG NGINX_VERSION=1.28 ARG NGINX_VERSION=1.26
ARG ALPINE_VERSION=3.21 ARG ALPINE_VERSION=3.19
ARG HARDENED_MALLOC_VERSION=11 ARG HARDENED_MALLOC_VERSION=11
ARG SNUFFLEUPAGUS_VERSION=0.10.0 ARG SNUFFLEUPAGUS_VERSION=0.10.0
ARG UID=1000 ARG UID=1000
ARG GID=1000 ARG GID=1000
# nextcloud-32.0.5.tar.bz2 # nextcloud-28.0.5.tar.bz2
ARG SHA256_SUM="8dd0bc8f8e2d262edad11197d4a07af799b51fe872ee2d9259ffa19b43e543ad" ARG SHA256_SUM="dca1100f95b864bade113477723c71ac897193352c317e39cd286d87635706eb"
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A) # Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
# --------------------------------------------------- # ---------------------------------------------------
### Build PHP base ### Build PHP base
FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} AS base FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} as base
ARG SNUFFLEUPAGUS_VERSION ARG SNUFFLEUPAGUS_VERSION
@@ -85,7 +85,7 @@ RUN apk -U upgrade \
### Build Hardened Malloc ### Build Hardened Malloc
ARG ALPINE_VERSION ARG ALPINE_VERSION
FROM docker.io/library/alpine:${ALPINE_VERSION} AS build-malloc FROM docker.io/library/alpine:${ALPINE_VERSION} as build-malloc
ARG HARDENED_MALLOC_VERSION ARG HARDENED_MALLOC_VERSION
ARG CONFIG_NATIVE=false ARG CONFIG_NATIVE=false
@@ -99,11 +99,11 @@ RUN apk --no-cache add build-base git gnupg && cd /tmp \
### Fetch nginx ### Fetch nginx
FROM docker.io/library/nginx:${NGINX_VERSION}-alpine AS nginx FROM docker.io/library/nginx:${NGINX_VERSION}-alpine as nginx
### Build Nextcloud (production environemnt) ### Build Nextcloud (production environemnt)
FROM base AS nextcloud FROM base as nextcloud
COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx
COPY --from=nginx /etc/nginx /etc/nginx COPY --from=nginx /etc/nginx /etc/nginx

4
README.md
View File

@@ -58,8 +58,8 @@ Verifying the signature isn't a requirement, and might not be as seamless as usi
## Tags ## Tags
- `latest` : latest Nextcloud version - `latest` : latest Nextcloud version
- `x` : latest Nextcloud x.x (e.g. `32`) - `x` : latest Nextcloud x.x (e.g. `28`)
- `x.x.x` : Nextcloud x.x.x (e.g. `32.0.0`) - `x.x.x` : Nextcloud x.x.x (e.g. `28.0.0`)
You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud). You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud).
Only the **latest stable version** will be maintained by myself. Only the **latest stable version** will be maintained by myself.

17
SECURITY.md
View File

@@ -2,17 +2,13 @@
## Supported versions ## Supported versions
All versions of the Nextcloud community version which still receive updates will be supported All versions of the Nextcloud community version which still receive updates will be supported
and will receive the minor version updates and security patches. and will receive the minor version updates and security patches.
| Version | Supported | | Version | Supported |
| ------- | ----------------------------- | | ------- | ------------------ |
| 32. x | :white_check_mark: | | 28. x | :white_check_mark: |
| 31. x | :white_check_mark: | | 27. x | :white_check_mark: |
| 30. x | :negative_squared_cross_mark: |
| 29. x | :negative_squared_cross_mark: |
| 28. x | :negative_squared_cross_mark: |
| 27. x | :negative_squared_cross_mark: |
| 26. x | :negative_squared_cross_mark: | | 26. x | :negative_squared_cross_mark: |
| 25. x | :negative_squared_cross_mark: | | 25. x | :negative_squared_cross_mark: |
| 24. x | :negative_squared_cross_mark: | | 24. x | :negative_squared_cross_mark: |
@@ -28,10 +24,9 @@ Uploaded images are regularly scanned for [OS vulnerabilities](https://github.co
## Reporting a vulnerability ## Reporting a vulnerability
_Upstream_ vulnerabilities should be reported to _upstream_ projects according to their own security policies. *Upstream* vulnerabilities should be reported to *upstream* projects according to their own security policies.
Regarding vulnerabilities specific to this project: Regarding vulnerabilities specific to this project:
- Faulty configuration files - Faulty configuration files
- Unsafe defaults - Unsafe defaults
- Dependencies security updates - Dependencies security updates

8
rootfs/etc/nginx/conf.d/default.conf
View File

@@ -30,8 +30,8 @@ server {
} }
location ^~ /.well-known { location ^~ /.well-known {
location = /.well-known/carddav { return 301 $nc_proto://$host/remote.php/dav/; } location = /.well-known/carddav { return 301 $nc_proto://$host/remote.php/dav; }
location = /.well-known/caldav { return 301 $nc_proto://$host/remote.php/dav/; } location = /.well-known/caldav { return 301 $nc_proto://$host/remote.php/dav; }
location ^~ /.well-known { return 301 $nc_proto://$host/index.php$uri; } location ^~ /.well-known { return 301 $nc_proto://$host/index.php$uri; }
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
@@ -72,13 +72,13 @@ server {
access_log off; access_log off;
} }
location ~ \.(otf|woff2)?$ { location ~ \.woff2?$ {
try_files $uri /index.php$uri$is_args$args; try_files $uri /index.php$uri$is_args$args;
expires 7d; expires 7d;
access_log off; access_log off;
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$uri$is_args$args; try_files $uri /index.php$uri$is_args$args;
access_log off; access_log off;
} }

2
rootfs/usr/local/bin/run.sh
View File

@@ -34,4 +34,4 @@ else
fi fi
# Run processes # Run processes
exec /usr/bin/s6-svscan /etc/s6.d exec /bin/s6-svscan /etc/s6.d