initial commit

owncloud/Dockerfile

@@ -0,0 +1,65 @@
+FROM debian:jessie
+MAINTAINER Wonderfall <wonderfall@mondedie.fr>
+
+ENV VERSION=9.0.0 TINI_VER=0.9.0 USERID=1000 GROUPID=1000
+
+ADD https://www.dotdeb.org/dotdeb.gpg /tmp/dotdeb.gpg
+ADD http://nginx.org/keys/nginx_signing.key /tmp/nginx.key
+
+RUN echo "deb http://packages.dotdeb.org jessie all" > /etc/apt/sources.list.d/dotdeb.list \
+ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" > /etc/apt/sources.list.d/nginx.list \
+ && echo "deb-src http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list.d/nginx.list \
+ && apt-key add /tmp/dotdeb.gpg \
+ && apt-key add /tmp/nginx.key
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends --no-install-suggests \
+    cron \
+    nginx \
+    openssl \
+    supervisor \
+    php7.0-fpm \
+    php7.0-cli \
+    php7.0-intl \
+    php7.0-curl \
+    php7.0-gd \
+    php7.0-mcrypt \
+    php7.0-mysql \
+ && mkdir /run/php && touch /run/php/php7.0-fpm.sock \
+ && chown www-data:www-data /run/php/php7.0-fpm.sock \
+ && sed -i "s/;env\[PATH\]/env\[PATH\]/g" /etc/php/7.0/fpm/pool.d/www.conf \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests \
+    bzip2 \
+    wget \
+    ca-certificates \
+ && mkdir /owncloud && cd /tmp \
+ && wget -q https://download.owncloud.org/community/owncloud-$VERSION.tar.bz2 \
+ && wget -q https://download.owncloud.org/community/owncloud-$VERSION.tar.bz2.sha256 \
+ && wget -q https://download.owncloud.org/community/owncloud-$VERSION.tar.bz2.asc \
+ && wget -q https://owncloud.org/owncloud.asc \
+ && sha256sum -c owncloud-$VERSION.tar.bz2.sha256 \
+ && gpg --import owncloud.asc \
+ && gpg --verify owncloud-$VERSION.tar.bz2.asc \
+ && tar xjf /tmp/owncloud-$VERSION.tar.bz2 --strip 1 -C /owncloud \
+ && wget -q https://github.com/krallin/tini/releases/download/v$TINI_VER/tini_$TINI_VER.deb \
+ && dpkg -i tini_$TINI_VER.deb \
+ && apt-get purge -y wget bzip2 ca-certificates && apt-get autoremove -y --purge \
+ && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/*
+
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY supervisord.conf /etc/supervisord.conf
+COPY cron.conf /etc/cron.conf
+COPY opcache.ini /etc/php/mods-available/opcache.ini
+COPY run.sh /usr/local/bin/run.sh
+
+RUN chmod +x /usr/local/bin/run.sh
+
+VOLUME /data /config /apps2
+EXPOSE 80
+
+LABEL description="A server software for creating file hosting services" \
+      owncloud="ownCloud v$VERSION"
+
+CMD ["tini","--","run.sh"]

owncloud/README.md

@@ -0,0 +1,111 @@
+## wonderfall/owncloud
+[![](https://badge.imagelayers.io/wonderfall/owncloud:latest.svg)](https://imagelayers.io/?images=wonderfall/owncloud:latest 'Get your own badge on imagelayers.io')
+
+![](https://i.goopics.net/lu.png)
+
+#### Features
+- Based on `debian/jessie`.
+- **Lightweight**, even though it's based on Debian, I did my best.
+- **Functional by design**, and even through updates.
+- **nginx 1.9.10** (mainline) is the webserver.
+- **PHP 7.0.3** (latest stable) is used.
+- **supervisor** is running the services.
+- **OPCache** is configured to provide best performances.
+- **system cron** is already configured (you can disable AJAX cron).
+- **MySQL/MariaDB** compatibility (server not built-in)
+- **Secure installation**, it verifies both integrity and authenticity (sha256sum && gpg).
+- **UID/GID flexibility**, so you won't bother about permissions.
+
+#### Tags
+- `latest`, `8.2` : ownCloud 8.2.x (actual version : 8.2.2).
+- `dev` *(if present)* : don't use it unless you have a reason.
+
+If you want some security, versioning with tags should be available since 8.2 (e.g. the next tags will be 8.3, 8.4, etc. major updates as you can notice). I do not make tags for minor updates, like 8.2.1, 8.2.2, 8.2.x, since it's only bugfixes and security patches, which are strongly recommended.
+
+#### Environment variables
+- **USERID** : owncloud user id.
+- **GROUPID** : owncloud group id.
+
+#### Volumes
+- **/data** : owncloud data (e.g. your files)
+- **/config** : configuration files
+- **/apps2** : owncloud downloaded apps
+
+#### About the database
+You have to use an external database container, thus allowing better security and less complexity. I suggest you to use MySQL/MariaDB, a reliable database server. For instance, you can use the official `mariadb` build, which is very easy to run and of course available on Docker Hub. I decided not to use sqlite since it's not recommended by ownCloud (sqlite is supected to cause some troubles with sync clients).
+
+#### Once runned!
+Go to your ownCloud instance, change `/ocwww/data` to `/data` (recommended), and fill in all the fields to configure your database. **Note #1 :** when you mount `/config`, you don't really mount `/ocwww/owncloud/config`. `/config` should contain `config.php`, although this is not the one actually used by ownCloud. However, each time you restart the container, `/config/config.php` overwrites `/ocwww/config/config.php`. Before that, `/ocwww/config/config.php` is copied as `/config/config.php.bkp`, so you can easily revert changes you're not satisfied of. **Note #2 :** this build doesn't make use of https, because I use it behind a reverse proxy (nginx), which is using https. You can do the same, it's easy to setup : take a look at my build `wonderfall/reverse` if you're interested.
+
+#### Configure
+Now, ownCloud should be 100% functionnal. APCu was installed and configured before, but I had too many problems using this... on top of that, I didn't notice any performance improvement over Opcache + PHP7. As ownCloud recommends, **system cron is already active**. You should switch from `AJAX cron` to `cron` (system cron) in the admin pannel. By the way, I highly recommend encryption! My buid is fully-compatible with the encryption module. 
+
+*config.php parameters can be found [here](https://doc.owncloud.org/server/8.2/admin_manual/configuration_server/config_sample_php_parameters.html) and [there](https://doc.owncloud.org/server/8.2/admin_manual/installation/apps_management_installation.html)* This is espacially useful when you're using a reverse proxy, and/or if you'd like to keep your 3rd-party plugins across updates (you should use the /apps volume to do that). **READ THE DOCUMENTATION, I WON'T DO SOME MAGIC TRICKS FOR YOU.**
+
+#### How do I update?
+Just pull the newer image, and recreate the container. As you may know, backups are highly recommended (don't fear that, Docker just makes things a lot easier!), and even if it's boring, do it, do it, do it! There should be no issue with config.php, but if you see the setup screen, don't panic (your volumes should be intact...) and just restart the container and check `/ocwww/config/config.php`. 
+
+#### config.php (example, behind reverse proxy + external apps path)
+```
+<?php
+$CONFIG = array (
+  ...
+  'trusted_domains' => 
+  array (
+    0 => 'owncloud',
+    1 => 'your.domain.tld',
+  ),
+  ...
+  "apps_paths" => array (
+      0 => array (
+              "path"     => "/owncloud/apps",
+              "url"      => "/apps",
+              "writable" => false,
+      ),
+      1 => array (
+              "path"     => "/apps2",
+              "url"      => "/apps2",
+              "writable" => true,
+      ),
+  ),
+  ...
+  'overwritehost' => 'your.domain.tld',
+  'overwriteprotocol' => 'https',
+  'updatechecker' => false,
+  ...
+);
+```
+
+#### Docker Compose (example)
+```
+reverse: # if any
+  ...
+  links:
+    - owncloud:owncloud
+  ...
+
+owncloud:
+  image: wonderfall/owncloud:8.2
+  links:
+    - db_owncloud:db_owncloud
+  environment:
+    - USERID=1000
+    - GROUPID=1000
+  volumes:
+    - /mnt/owncloud/data:/data
+    - /mnt/owncloud/config:/config
+    - /mnt/owncloud/apps:/apps2
+
+db_owncloud:
+  image: mariadb:10
+  volumes:
+    - /mnt/owncloud/db:/var/lib/mysql
+  environment:
+    - MYSQL_ROOT_PASSWORD=supersecretpassword
+    - MYSQL_DATABASE=owncloud
+    - MYSQL_USER=owncloud
+    - MYSQL_PASSWORD=supersecretpassword
+```
+
+#### Reverse proxy
+https://github.com/Wonderfall/dockerfiles/tree/master/reverse

owncloud/cron.conf

@@ -0,0 +1 @@
+*/15  *  *  *  * php -f /owncloud/cron.php > /dev/null 2>&1

owncloud/nginx.conf

@@ -0,0 +1,93 @@
+user www-data;
+worker_processes auto;
+pid /var/run/nginx.pid;
+daemon off;
+
+events {
+    worker_connections 1024;
+    use epoll;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    access_log off;
+    error_log /var/log/nginx/error.log error;
+
+    sendfile on;
+    keepalive_timeout 15;
+    keepalive_disable msie6;
+    keepalive_requests 100;
+    tcp_nopush on;
+    tcp_nodelay off;
+    server_tokens off;
+
+    gzip on;
+    gzip_comp_level 5;
+    gzip_min_length 512;
+    gzip_buffers 4 8k;
+    gzip_proxied any;
+    gzip_vary on;
+    gzip_disable "msie6";
+    gzip_types
+        text/css
+        text/javascript
+        text/xml
+        text/plain
+        text/x-component
+        application/javascript
+        application/x-javascript
+        application/json
+        application/xml
+        application/rss+xml
+        application/vnd.ms-fontobject
+        font/truetype
+        font/opentype
+        image/svg+xml;
+
+    server {
+        listen 80;
+        index index.php;
+        root /owncloud;
+        client_max_body_size 10G;
+        fastcgi_buffers 64 4K;
+        rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+        rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+        rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+        error_page 403 /core/templates/403.php;
+        error_page 404 /core/templates/404.php;
+
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }
+
+        location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
+            deny all;
+        }
+
+        location / {
+            rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+            rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+            rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+            rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+            rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+            try_files $uri $uri/ index.php;
+        }
+
+        location ~ ^(.+?\.php)(/.*)?$ {
+            try_files $1 = 404;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$1;
+            fastcgi_param PATH_INFO $2;
+            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+        }
+
+        location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
+            expires 30d;
+            access_log off;
+        }
+    }
+}

owncloud/opcache.ini

@@ -0,0 +1,10 @@
+; configuration for php opcache module
+; priority=10
+zend_extension=opcache.so
+opcache.enable=1
+opcache.enable_cli=1
+opcache.fast_shutdown=1
+opcache.memory_consumption=256
+opcache.interned_strings_buffer=16
+opcache.max_accelerated_files=5413
+opcache.revalidate_freq=60

owncloud/run.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+deluser www-data
+addgroup --gid $GROUPID www-data
+adduser --system --no-create-home --ingroup www-data --uid $USERID www-data
+crontab -u www-data /etc/cron.conf
+
+if [ -f /owncloud/config/config.php ] && [ ! -f /config/config.php ]; then
+  cp /owncloud/config/config.php /config/config.php
+elif [ -f /config/config.php ]; then
+  mv /owncloud/config/config.php /config/config.php.bkp
+  cp /config/config.php /owncloud/config/config.php
+fi
+
+chown -R www-data:www-data /owncloud /data /config /apps2
+ln -s /apps2 /owncloud
+
+supervisord -c /etc/supervisord.conf

owncloud/supervisord.conf

@@ -0,0 +1,11 @@
+[supervisord]
+nodaemon=true
+
+[program:cron]
+command=cron -f
+
+[program:php-fpm]
+command=php-fpm7.0 --nodaemonize
+
+[program:nginx]
+command=nginx