mirror of
https://github.com/hoellen/docker-nextcloud.git
synced 2025-07-01 15:46:13 +00:00
Compare commits
20 Commits
version-25
...
cedf7fc4c6
| Author | SHA1 | Date | |
|---|---|---|---|
| cedf7fc4c6 | |||
| 80704341e6 | |||
| 1ee6c08552 | |||
| 112339b5c8 | |||
| 2334b3e231 | |||
| 6adf9e6bf8 | |||
| 0bb63de5b4 | |||
| 0ee4012ae6 | |||
| 18da631215 | |||
| e627d1fd4c | |||
| 86012886af | |||
| de096e78a4 | |||
| 2d3fd8f5c3 | |||
| 9070495ad0 | |||
| 4ba3589149 | |||
| a7ba180598 | |||
| 4ea95f826a | |||
| 8451b3d94d | |||
| 9c24fd91b2 | |||
| 0bb5b1fa73 |
3
.github/workflows/build.yml
vendored
3
.github/workflows/build.yml
vendored
@ -3,7 +3,7 @@ name: build
|
|||||||
on:
|
on:
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
push:
|
push:
|
||||||
branches: [ version-25 ]
|
branches: [ master ]
|
||||||
schedule:
|
schedule:
|
||||||
# Build the image regularly (each Friday)
|
# Build the image regularly (each Friday)
|
||||||
- cron: '23 04 * * 5'
|
- cron: '23 04 * * 5'
|
||||||
@ -53,6 +53,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||||
tags: |
|
tags: |
|
||||||
|
latest
|
||||||
${{ env.FULL_VERSION }}
|
${{ env.FULL_VERSION }}
|
||||||
${{ env.MAJOR_VERSION }}
|
${{ env.MAJOR_VERSION }}
|
||||||
|
|
||||||
|
|||||||
16
Dockerfile
16
Dockerfile
@ -1,17 +1,17 @@
|
|||||||
# -------------- Build-time variables --------------
|
# -------------- Build-time variables --------------
|
||||||
ARG NEXTCLOUD_VERSION=25.0.13
|
ARG NEXTCLOUD_VERSION=28.0.1
|
||||||
ARG PHP_VERSION=8.1
|
ARG PHP_VERSION=8.2
|
||||||
ARG NGINX_VERSION=1.22
|
ARG NGINX_VERSION=1.24
|
||||||
|
|
||||||
ARG ALPINE_VERSION=3.17
|
ARG ALPINE_VERSION=3.18
|
||||||
ARG HARDENED_MALLOC_VERSION=11
|
ARG HARDENED_MALLOC_VERSION=11
|
||||||
ARG SNUFFLEUPAGUS_VERSION=0.8.3
|
ARG SNUFFLEUPAGUS_VERSION=0.10.0
|
||||||
|
|
||||||
ARG UID=1000
|
ARG UID=1000
|
||||||
ARG GID=1000
|
ARG GID=1000
|
||||||
|
|
||||||
# nextcloud-25.0.13.tar.bz2
|
# nextcloud-28.0.1.tar.bz2
|
||||||
ARG SHA256_SUM="387bac148a696244f1ec02698a082d408283a875b3de85eb9719dd4493eebe33"
|
ARG SHA256_SUM="2f80735b443082272fe6a3b5e32137957f1fc448c75342b94b5200b29725f3a4"
|
||||||
|
|
||||||
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
|
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
|
||||||
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
|
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
|
||||||
@ -58,12 +58,14 @@ RUN apk -U upgrade \
|
|||||||
bcmath \
|
bcmath \
|
||||||
exif \
|
exif \
|
||||||
gd \
|
gd \
|
||||||
|
bz2 \
|
||||||
intl \
|
intl \
|
||||||
ldap \
|
ldap \
|
||||||
opcache \
|
opcache \
|
||||||
pcntl \
|
pcntl \
|
||||||
pdo_mysql \
|
pdo_mysql \
|
||||||
pdo_pgsql \
|
pdo_pgsql \
|
||||||
|
sysvsem \
|
||||||
zip \
|
zip \
|
||||||
gmp \
|
gmp \
|
||||||
&& pecl install smbclient \
|
&& pecl install smbclient \
|
||||||
|
|||||||
@ -58,8 +58,8 @@ Verifying the signature isn't a requirement, and might not be as seamless as usi
|
|||||||
## Tags
|
## Tags
|
||||||
|
|
||||||
- `latest` : latest Nextcloud version
|
- `latest` : latest Nextcloud version
|
||||||
- `x` : latest Nextcloud x.x (e.g. `25`)
|
- `x` : latest Nextcloud x.x (e.g. `28`)
|
||||||
- `x.x.x` : Nextcloud x.x.x (e.g. `25.0.0`)
|
- `x.x.x` : Nextcloud x.x.x (e.g. `28.0.0`)
|
||||||
|
|
||||||
You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud).
|
You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud).
|
||||||
Only the **latest stable version** will be maintained by myself.
|
Only the **latest stable version** will be maintained by myself.
|
||||||
|
|||||||
@ -7,12 +7,16 @@ and will receive the minor version updates and security patches.
|
|||||||
|
|
||||||
| Version | Supported |
|
| Version | Supported |
|
||||||
| ------- | ------------------ |
|
| ------- | ------------------ |
|
||||||
| 25. x | :white_check_mark: |
|
| 28. x | :white_check_mark: |
|
||||||
| 24. x | :white_check_mark: |
|
| 27. x | :white_check_mark: |
|
||||||
|
| 26. x | :white_check_mark: |
|
||||||
|
| 25. x | :negative_squared_cross_mark: |
|
||||||
|
| 24. x | :negative_squared_cross_mark: |
|
||||||
| 23. x | :negative_squared_cross_mark: |
|
| 23. x | :negative_squared_cross_mark: |
|
||||||
| 22. x | :negative_squared_cross_mark: |
|
| 22. x | :negative_squared_cross_mark: |
|
||||||
|
|
||||||
Please update to the latest version available. Major migrations are always tested before being pushed.
|
Please update to the latest version available. Major migrations are always tested before being pushed.
|
||||||
|
An up-to-date list of the currently maintained Nextcloud versions can also be found in the [Nextcloud Repository Wiki](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule).
|
||||||
|
|
||||||
## Automated vulnerability scanning
|
## Automated vulnerability scanning
|
||||||
|
|
||||||
|
|||||||
@ -21,7 +21,7 @@ server {
|
|||||||
add_header X-Download-Options "noopen" always;
|
add_header X-Download-Options "noopen" always;
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||||
add_header X-Robots-Tag "none" always;
|
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||||
add_header X-XSS-Protection "0" always;
|
add_header X-XSS-Protection "0" always;
|
||||||
|
|
||||||
location = /robots.txt {
|
location = /robots.txt {
|
||||||
@ -49,7 +49,7 @@ server {
|
|||||||
return 404;
|
return 404;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
|
||||||
include /etc/nginx/fastcgi_params;
|
include /etc/nginx/fastcgi_params;
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
@ -62,7 +62,7 @@ server {
|
|||||||
fastcgi_read_timeout 1200;
|
fastcgi_read_timeout 1200;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
location ~ ^\/(?:updater|ocs-provider)(?:$|\/) {
|
||||||
try_files $uri/ =404;
|
try_files $uri/ =404;
|
||||||
index index.php;
|
index index.php;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -15,6 +15,15 @@ if [ "$PHP_HARDENING" == "true" ] && [ ! -f /usr/local/etc/php/conf.d/snuffleupa
|
|||||||
cp /usr/local/etc/php/snuffleupagus/* /usr/local/etc/php/conf.d
|
cp /usr/local/etc/php/snuffleupagus/* /usr/local/etc/php/conf.d
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Check if database is available
|
||||||
|
if [ -n "${DB_TYPE}" ] && [ "${DB_TYPE}" != "sqlite3" ]; then
|
||||||
|
until nc -z "${DB_HOST:-nextcloud-db}" "${DB_PORT:-3306}"
|
||||||
|
do
|
||||||
|
echo "waiting for the database container..."
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
# If new install, run setup
|
# If new install, run setup
|
||||||
if [ ! -f /nextcloud/config/config.php ]; then
|
if [ ! -f /nextcloud/config/config.php ]; then
|
||||||
touch /nextcloud/config/CAN_INSTALL
|
touch /nextcloud/config/CAN_INSTALL
|
||||||
|
|||||||
@ -55,14 +55,6 @@ cat >> /nextcloud/config/autoconfig.php <<EOF;
|
|||||||
?>
|
?>
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
if [ ${DB_TYPE} != "sqlite3" ]; then
|
|
||||||
until nc -z "${DB_HOST:-nextcloud-db}" "${DB_PORT:-3306}"
|
|
||||||
do
|
|
||||||
echo "waiting for the database container..."
|
|
||||||
sleep 1
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Starting automatic configuration..."
|
echo "Starting automatic configuration..."
|
||||||
# Execute setup
|
# Execute setup
|
||||||
(cd /nextcloud; php index.php &>/dev/null)
|
(cd /nextcloud; php index.php &>/dev/null)
|
||||||
|
|||||||
@ -47,6 +47,10 @@ sp.disable_function.function("ini_get").param("option").value("open_basedir").fi
|
|||||||
sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").filename("/nextcloud/3rdparty/guzzlehttp/guzzle/src/Utils.php").allow();
|
sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").filename("/nextcloud/3rdparty/guzzlehttp/guzzle/src/Utils.php").allow();
|
||||||
sp.disable_function.function("exec").param("command").value("apachectl -M | grep mpm").filename("/nextcloud/apps2/spreed/lib/Settings/Admin/AdminSettings.php").allow();
|
sp.disable_function.function("exec").param("command").value("apachectl -M | grep mpm").filename("/nextcloud/apps2/spreed/lib/Settings/Admin/AdminSettings.php").allow();
|
||||||
|
|
||||||
|
# Nextcloud inherently enables XXE-Protection since 27.0.1, therefore, drop setting a new external entity loader
|
||||||
|
sp.disable_function.function("libxml_set_external_entity_loader").filename("/nextcloud/lib/base.php").allow();
|
||||||
|
sp.disable_function.function("libxml_set_external_entity_loader").drop();
|
||||||
|
|
||||||
# Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
|
# Harden the `chmod` function (0777 (oct = 511, 0666 = 438)
|
||||||
sp.disable_function.function("chmod").param("permissions").value("438").drop();
|
sp.disable_function.function("chmod").param("permissions").value("438").drop();
|
||||||
sp.disable_function.function("chmod").param("permissions").value("511").drop();
|
sp.disable_function.function("chmod").param("permissions").value("511").drop();
|
||||||
|
|||||||
Reference in New Issue
Block a user