mirror of
https://github.com/hoellen/docker-nextcloud.git
synced 2026-01-16 20:07:07 +00:00
Compare commits
44 Commits
version-28
...
fef4cd4a28
| Author | SHA1 | Date | |
|---|---|---|---|
| fef4cd4a28 | |||
|
4a46899d8c | ||
|
|
9c8f6c8edb | ||
|
|
69000e35c3 | ||
|
aae170a54d | ||
|
|
0205f7afeb | ||
|
db1eaf50ed | ||
|
|
d16bcc9a32 | ||
|
|
0c6f92a628 | ||
| b4b8e7f154 | |||
| fd021043c4 | |||
|
|
f623065f7a | ||
|
|
a277e11505 | ||
|
|
42b36e3c9b | ||
|
|
51b19a1236 | ||
|
|
4270518e02 | ||
|
|
78e4175f7f | ||
|
|
46828aed43 | ||
|
|
19dc754372 | ||
|
|
54e9f1feda | ||
|
|
2892342326 | ||
|
|
a15384e7e5 | ||
| 5d5b8ebc1a | |||
| 921eec5693 | |||
|
|
1b0c1fb747 | ||
|
|
a7ade2cbc4 | ||
| 3451a6219a | |||
|
|
16acf58089 | ||
|
|
ae0277a368 | ||
|
|
aeea888ef9 | ||
| ae5b0cfd0c | |||
| ee9d26963c | |||
| a5538adb2f | |||
|
|
ee98f35852 | ||
|
|
2ceb05c146 | ||
|
|
ee2760237f | ||
|
|
6aa67c63b5 | ||
|
|
a0442ed1de | ||
| 74e06ec86d | |||
|
|
ce390fc654 | ||
|
|
6facdfba4f | ||
|
|
60954e1ad7 | ||
|
|
539f41e25e | ||
| fa3fe52dd2 |
24
.github/workflows/build.yml
vendored
24
.github/workflows/build.yml
vendored
@@ -62,12 +62,28 @@ jobs:
|
|||||||
${{ env.FULL_VERSION }}
|
${{ env.FULL_VERSION }}
|
||||||
${{ env.MAJOR_VERSION }}
|
${{ env.MAJOR_VERSION }}
|
||||||
|
|
||||||
- name: Build and push Docker image
|
- name: Build and export Docker image to Docker
|
||||||
id: build-and-push
|
id: build
|
||||||
|
uses: docker/build-push-action@v2
|
||||||
|
with:
|
||||||
|
load: true
|
||||||
|
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing
|
||||||
|
context: .
|
||||||
|
|
||||||
|
- name: Test Docker image
|
||||||
|
id: test
|
||||||
|
run: |
|
||||||
|
docker run -d -p 8888:8888 --name nextcloud --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing && \
|
||||||
|
docker exec nextcloud occ status && \
|
||||||
|
nc -z localhost 8888
|
||||||
|
|
||||||
|
- name: Push Docker image
|
||||||
|
id: push
|
||||||
|
if: github.event_name != 'pull_request'
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v2
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
push: ${{ github.event_name != 'pull_request' }}
|
push: true
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
|
|
||||||
@@ -75,4 +91,4 @@ jobs:
|
|||||||
if: ${{ github.event_name != 'pull_request' }}
|
if: ${{ github.event_name != 'pull_request' }}
|
||||||
env:
|
env:
|
||||||
COSIGN_EXPERIMENTAL: "true"
|
COSIGN_EXPERIMENTAL: "true"
|
||||||
run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
|
run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
|
||||||
|
|||||||
2
.github/workflows/scan.yml
vendored
2
.github/workflows/scan.yml
vendored
@@ -8,7 +8,7 @@ on:
|
|||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
name: Scan current image & report results
|
name: Scan current image & report results
|
||||||
runs-on: "ubuntu-20.04"
|
runs-on: "ubuntu-24.04"
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|||||||
20
Dockerfile
20
Dockerfile
@@ -1,24 +1,24 @@
|
|||||||
# -------------- Build-time variables --------------
|
# -------------- Build-time variables --------------
|
||||||
ARG NEXTCLOUD_VERSION=28.0.14
|
ARG NEXTCLOUD_VERSION=32.0.3
|
||||||
ARG PHP_VERSION=8.2
|
ARG PHP_VERSION=8.3
|
||||||
ARG NGINX_VERSION=1.26
|
ARG NGINX_VERSION=1.28
|
||||||
|
|
||||||
ARG ALPINE_VERSION=3.20
|
ARG ALPINE_VERSION=3.21
|
||||||
ARG HARDENED_MALLOC_VERSION=11
|
ARG HARDENED_MALLOC_VERSION=11
|
||||||
ARG SNUFFLEUPAGUS_VERSION=0.10.0
|
ARG SNUFFLEUPAGUS_VERSION=0.10.0
|
||||||
|
|
||||||
ARG UID=1000
|
ARG UID=1000
|
||||||
ARG GID=1000
|
ARG GID=1000
|
||||||
|
|
||||||
# nextcloud-28.0.14.tar.bz2
|
# nextcloud-32.0.3.tar.bz2
|
||||||
ARG SHA256_SUM="4a937f1882486426c9703e59ec4b293f621be8d080b7f85016f629903c3af336"
|
ARG SHA256_SUM="9b71ac96c910b4a350d986bd3a92ea06f02a161fa586334b56d87d8acafc62d4"
|
||||||
|
|
||||||
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
|
# Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
|
||||||
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
|
ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
|
||||||
# ---------------------------------------------------
|
# ---------------------------------------------------
|
||||||
|
|
||||||
### Build PHP base
|
### Build PHP base
|
||||||
FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} as base
|
FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} AS base
|
||||||
|
|
||||||
ARG SNUFFLEUPAGUS_VERSION
|
ARG SNUFFLEUPAGUS_VERSION
|
||||||
|
|
||||||
@@ -85,7 +85,7 @@ RUN apk -U upgrade \
|
|||||||
|
|
||||||
### Build Hardened Malloc
|
### Build Hardened Malloc
|
||||||
ARG ALPINE_VERSION
|
ARG ALPINE_VERSION
|
||||||
FROM docker.io/library/alpine:${ALPINE_VERSION} as build-malloc
|
FROM docker.io/library/alpine:${ALPINE_VERSION} AS build-malloc
|
||||||
|
|
||||||
ARG HARDENED_MALLOC_VERSION
|
ARG HARDENED_MALLOC_VERSION
|
||||||
ARG CONFIG_NATIVE=false
|
ARG CONFIG_NATIVE=false
|
||||||
@@ -99,11 +99,11 @@ RUN apk --no-cache add build-base git gnupg && cd /tmp \
|
|||||||
|
|
||||||
|
|
||||||
### Fetch nginx
|
### Fetch nginx
|
||||||
FROM docker.io/library/nginx:${NGINX_VERSION}-alpine as nginx
|
FROM docker.io/library/nginx:${NGINX_VERSION}-alpine AS nginx
|
||||||
|
|
||||||
|
|
||||||
### Build Nextcloud (production environemnt)
|
### Build Nextcloud (production environemnt)
|
||||||
FROM base as nextcloud
|
FROM base AS nextcloud
|
||||||
|
|
||||||
COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx
|
COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx
|
||||||
COPY --from=nginx /etc/nginx /etc/nginx
|
COPY --from=nginx /etc/nginx /etc/nginx
|
||||||
|
|||||||
@@ -58,8 +58,8 @@ Verifying the signature isn't a requirement, and might not be as seamless as usi
|
|||||||
## Tags
|
## Tags
|
||||||
|
|
||||||
- `latest` : latest Nextcloud version
|
- `latest` : latest Nextcloud version
|
||||||
- `x` : latest Nextcloud x.x (e.g. `28`)
|
- `x` : latest Nextcloud x.x (e.g. `32`)
|
||||||
- `x.x.x` : Nextcloud x.x.x (e.g. `28.0.0`)
|
- `x.x.x` : Nextcloud x.x.x (e.g. `32.0.0`)
|
||||||
|
|
||||||
You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud).
|
You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud).
|
||||||
Only the **latest stable version** will be maintained by myself.
|
Only the **latest stable version** will be maintained by myself.
|
||||||
|
|||||||
17
SECURITY.md
17
SECURITY.md
@@ -2,13 +2,17 @@
|
|||||||
|
|
||||||
## Supported versions
|
## Supported versions
|
||||||
|
|
||||||
All versions of the Nextcloud community version which still receive updates will be supported
|
All versions of the Nextcloud community version which still receive updates will be supported
|
||||||
and will receive the minor version updates and security patches.
|
and will receive the minor version updates and security patches.
|
||||||
|
|
||||||
| Version | Supported |
|
| Version | Supported |
|
||||||
| ------- | ------------------ |
|
| ------- | ----------------------------- |
|
||||||
| 28. x | :white_check_mark: |
|
| 32. x | :white_check_mark: |
|
||||||
| 27. x | :white_check_mark: |
|
| 31. x | :white_check_mark: |
|
||||||
|
| 30. x | :negative_squared_cross_mark: |
|
||||||
|
| 29. x | :negative_squared_cross_mark: |
|
||||||
|
| 28. x | :negative_squared_cross_mark: |
|
||||||
|
| 27. x | :negative_squared_cross_mark: |
|
||||||
| 26. x | :negative_squared_cross_mark: |
|
| 26. x | :negative_squared_cross_mark: |
|
||||||
| 25. x | :negative_squared_cross_mark: |
|
| 25. x | :negative_squared_cross_mark: |
|
||||||
| 24. x | :negative_squared_cross_mark: |
|
| 24. x | :negative_squared_cross_mark: |
|
||||||
@@ -24,9 +28,10 @@ Uploaded images are regularly scanned for [OS vulnerabilities](https://github.co
|
|||||||
|
|
||||||
## Reporting a vulnerability
|
## Reporting a vulnerability
|
||||||
|
|
||||||
*Upstream* vulnerabilities should be reported to *upstream* projects according to their own security policies.
|
_Upstream_ vulnerabilities should be reported to _upstream_ projects according to their own security policies.
|
||||||
|
|
||||||
Regarding vulnerabilities specific to this project:
|
Regarding vulnerabilities specific to this project:
|
||||||
|
|
||||||
- Faulty configuration files
|
- Faulty configuration files
|
||||||
- Unsafe defaults
|
- Unsafe defaults
|
||||||
- Dependencies security updates
|
- Dependencies security updates
|
||||||
|
|||||||
@@ -30,8 +30,8 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location ^~ /.well-known {
|
location ^~ /.well-known {
|
||||||
location = /.well-known/carddav { return 301 $nc_proto://$host/remote.php/dav; }
|
location = /.well-known/carddav { return 301 $nc_proto://$host/remote.php/dav/; }
|
||||||
location = /.well-known/caldav { return 301 $nc_proto://$host/remote.php/dav; }
|
location = /.well-known/caldav { return 301 $nc_proto://$host/remote.php/dav/; }
|
||||||
location ^~ /.well-known { return 301 $nc_proto://$host/index.php$uri; }
|
location ^~ /.well-known { return 301 $nc_proto://$host/index.php$uri; }
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
@@ -78,7 +78,7 @@ server {
|
|||||||
access_log off;
|
access_log off;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
|
||||||
try_files $uri /index.php$uri$is_args$args;
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
access_log off;
|
access_log off;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -34,4 +34,4 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Run processes
|
# Run processes
|
||||||
exec /bin/s6-svscan /etc/s6.d
|
exec /usr/bin/s6-svscan /etc/s6.d
|
||||||
|
|||||||
Reference in New Issue
Block a user