move owncloud to nextcloud

Wonderfall
2016-06-16 12:54:04 +02:00
parent fc9b9b9115
commit 58c1d7d027
12 changed files with 166 additions and 167 deletions

92
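--- a/nextcloud/Dockerfile
+++ b/nextcloud/Dockerfile
@@ -0,0 +1,92 @@
+FROM alpine:edge
+MAINTAINER Wonderfall <wonderfall@schrodinger.io>
+ARG NEXTCLOUD_VERSION=9.0.50
+ARG APCU_VERSION=5.1.5
+ARG APCUBC_VERSION=1.0.3
+ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
+ENV GID=991 UID=991
+RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
+&& echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
+&& BUILD_DEPS=" \
+build-base \
+autoconf \
+gnupg \
+tar" \
+&& apk -U add \
+$BUILD_DEPS \
+nginx \
+supervisor \
+openssl \
+ca-certificates \
+libwebp \
+tini@commuedge \
+php7@testing \
+php7-fpm@testing \
+php7-intl@testing \
+php7-mbstring@testing \
+php7-curl@testing \
+php7-gd@testing \
+php7-mcrypt@testing \
+php7-opcache@testing \
+php7-json@testing \
+php7-session@testing \
+php7-pdo@testing \
+php7-dom@testing \
+php7-ctype@testing \
+php7-iconv@testing \
+php7-pdo_mysql@testing \
+php7-zlib@testing \
+php7-zip@testing \
+php7-xmlreader@testing \
+php7-posix@testing \
+php7-openssl@testing \
+php7-dev@testing \
+php7-pear@testing \
+&& mkdir /nextcloud && cd /tmp \
+&& NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
+&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL} \
+&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.sha256 \
+&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.asc \
+&& wget -q https://pecl.php.net/get/apcu-${APCU_VERSION}.tgz \
+&& wget -q https://pecl.php.net/get/apcu_bc-${APCUBC_VERSION}.tgz \
+&& echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \
+&& CHECKSUM_STATE=$(echo -n $(sha256sum -c ${NEXTCLOUD_TARBALL}.sha256) | tail -c 2) \
+&& if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \
+&& wget -q https://nextcloud.com/nextcloud.asc \
+&& gpg --import nextcloud.asc \
+&& FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \
+| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
+&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
+&& if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
+&& echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \
+&& tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \
+&& tar xzf apcu-${APCU_VERSION}.tgz && tar xzf apcu_bc-${APCUBC_VERSION}.tgz \
+&& cd apcu-${APCU_VERSION} && phpize7 && ./configure --with-php-config=/usr/bin/php-config7 && make && make install \
+&& cd ../apcu_bc-${APCUBC_VERSION} && phpize7 && ./configure --with-php-config=/usr/bin/php-config7 && make && make install \
+&& sed -i "s/;env\[PATH\]/env\[PATH\]/g" /etc/php7/php-fpm.d/www.conf \
+&& apk del ${BUILD_DEPS} php7-dev php7-pear \
+&& rm -rf /var/cache/apk/* /tmp/* /root/.gnupg
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY php-fpm.conf /etc/php7/php-fpm.conf
+COPY opcache.ini /etc/php7/conf.d/00_opcache.ini
+COPY apcu.ini /etc/php7/conf.d/00_apcu.ini
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+COPY run.sh /usr/local/bin/run.sh
+COPY cron /etc/periodic/15min/nextcloud
+RUN chmod +x /usr/local/bin/run.sh /etc/periodic/15min/nextcloud
+VOLUME /data /config /apps2
+EXPOSE 80
+LABEL description="A server software for creating file hosting services" \
+nextcloud="ownCloud v${NEXTCLOUD_VERSION}" \
+apcu="apcu v${APCU_VERSION}" \
+apcu_bc="apcu_bc v${APCUBC_VERSION}"
+CMD ["/sbin/tini","--","run.sh"]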
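Review bot: The two PECL tarballs fetched by `wget -q https://pecl.php.net/get/apcu-${APCU_VERSION}.tgz` and the `apcu_bc` line below it are unpacked and compiled (`phpize7 … make install`) with no checksum or signature check, so the "Verifying both integrity and authenticity" step covers only the Nextcloud tarball. Pin a digest per version as a build argument and check it before `tar xzf`, e.g. `echo "${APCU_SHA256}  apcu-${APCU_VERSION}.tgz" | sha256sum -c -` and the same for apcu_bc; `APCU_SHA256` is a proposed ARG holding the digest recorded for that release. Separately, the GPG check parses gpg's human-readable output and discards its exit status; running `gpg --status-fd 1 --verify …` and matching the `VALIDSIG` line against `GPG_nextcloud` (spaces removed) would be less fragile across gpg versions and locales.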

117
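--- a/nextcloud/README.md
+++ b/nextcloud/README.md
@@ -0,0 +1,117 @@
+## wonderfall/nextcloud
+![](https://nextcloud.com/wp-content/themes/next/assets/img/common/logo_nextcloud_white.svg?8d74c5)
+#### Features
+- Based on **Alpine Linux** (edge).
+- **Ready to update** : data and apps persistence.
+- **nginx** is the webserver.
+- **PHP 7** version is used.
+- **OPCache** (opcode cache) is configured to provide better performances.
+- **APCu** (data store) is installed, so you can benefit from memory caching.
+- **system cron** is already configured (you can disable AJAX cron).
+- **MySQL/MariaDB** compatibility (server not built-in).
+- **Secure installation**, it verifies both integrity and authenticity (sha256sum && gpg).
+- **UID/GID flexibility**, you won't bother about permissions.
+**This image is meant to be used behind a secure reverse proxy.**
+#### Tags
+- `latest`, `9.0` : nextcloud 9.0.x (actual version : 9.0.50).
+#### Build-time variables
+- **NEXTCLOUD_VERSION** : version of nextcloud
+- **APCU_VERSION** : version of apcu pecl ext
+- **APCUBC_VERSION** : version of apcu_bc pecl ext
+- **GPG_nextcloud** : fingerprint of the signing key
+#### Environment variables
+- **UID** : nextcloud user id *(default : 991)*
+- **GID** : nextcloud group id *(default : 991)*
+#### Volumes
+- **/data** : nextcloud data (your files!).
+- **/config** : configuration files (contains config.php).
+- **/apps2** : nextcloud downloaded apps (like calendar, contacts, etc.).
+Hey, you should add the following code to your config.php in order to enable apps persistence :
+```
+"apps_paths" => array (
+0 => array (
+"path" => "/nextcloud/apps",
+"url" => "/apps",
+"writable" => false,
+),
+1 => array (
+"path" => "/apps2",
+"url" => "/apps2",
+"writable" => true,
+),
+),
+```
+#### About the database
+You have to use an external database container, it is thus allowing better security and less complexity. I suggest you to use MariaDB, which is a reliable database server. For instance, you can use the official `mariadb` image available as an automated build that you can find on Docker Hub. Since sqlite is supected by nextcloud to cause some troubles with sync clients, sqlite databases are not suported.
+#### Once runned!
+Go to your nextcloud instance, change `/ocwww/data` to `/data` (recommended), and fill in all the fields to configure your database. Don't forget to type a strong password. You should also avoid to name your admin account "admin".
+#### Configure
+When you mount `/config`, you don't really mount `/ocwww/nextcloud/config`. `/config` should contain `config.php`, although this is not the one actually used by nextcloud. However, each time you restart the container, `/config/config.php` overwrites `/ocwww/config/config.php`. Before that, `/ocwww/config/config.php` is copied as `/config/config.php.bkp`, so you can easily revert changes.
+Now, nextcloud should be 100% functionnal. APCu can be enabled if you set it correctly in the config.php file (see further). **system cron is already active**. **You should switch** from `AJAX cron` to `cron` (system cron) in the admin pannel. By the way, **I highly recommend encryption**! My buid is fully-compatible with the encryption module.
+*config.php parameters can be found [here](https://doc.nextcloud.org/server/9.0/admin_manual/configuration_server/config_sample_php_parameters.html) and [there](https://doc.nextcloud.org/server/9.0/admin_manual/installation/apps_management_installation.html)* This is espacially useful when you're using a reverse proxy, and/or if you'd like to keep your 3rd-party plugins across updates (you should use the /apps volume to do that). **READ THE DOCUMENTATION.**
+#### How do I update?
+Just pull the newer image, and recreate the container. As you may know, backups are highly recommended (don't fear that, Docker just makes things a lot easier!), and even if it's boring, do it, do it, do it! The version directive in your `/config/config.php` is automatically updated with the one eventually generated by nextcloud after an upgrade.
+#### Enable APCU
+Add this line to your config.php :
+```
+'memcache.local' => '\OC\Memcache\APCu',
+```
+#### Docker Compose (example)
+```
+reverse:
+...
+links:
+- nextcloud:nextcloud
+...
+nextcloud:
+image: wonderfall/nextcloud:9.0
+links:
+- db_nextcloud:db_nextcloud
+environment:
+- UID=1000
+- GID=1000
+volumes:
+- /mnt/nextcloud/data:/data
+- /mnt/nextcloud/config:/config
+- /mnt/nextcloud/apps:/apps2
+db_nextcloud:
+image: mariadb:10
+volumes:
+- /mnt/nextcloud/db:/var/lib/mysql
+environment:
+- MYSQL_ROOT_PASSWORD=supersecretpassword
+- MYSQL_DATABASE=nextcloud
+- MYSQL_USER=nextcloud
+- MYSQL_PASSWORD=supersecretpassword
+```
+#### Port
+- **80** (cf Reverse Proxy).
+#### Reverse proxy
+https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
+Note that you don't have to add any headers since they're already included in the container (you avoid useless warnings from nextcloud). It is strongly recommended to use nextcloud through an encrypted connection (HTTPS).
+#### Enjoy!
+Go to your admin pannel, and check the **Security & setup warnings** section. If you see **"All checks passed"**, then you can congratulate yourself!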

6
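--- a/nextcloud/apcu.ini
+++ b/nextcloud/apcu.ini
@@ -0,0 +1,6 @@
+extension=apcu.so
+extension=apc.so
+apc.enabled=1
+apc.enable_cli=1
+apc.shm_size=256M
+apc.ttl=7200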

2
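--- a/nextcloud/cron
+++ b/nextcloud/cron
@@ -0,0 +1,2 @@
+#!/bin/sh
+su - nextcloud -c "php7 -f /nextcloud/cron.php" > /dev/null 2>&1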
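Review bot: The redirection `> /dev/null 2>&1` discards stderr along with stdout, so a failing `cron.php` run (PHP fatal error, missing `nextcloud` user, unreadable config) leaves no trace for whoever operates the container. Keep stdout silenced but let stderr through, e.g. `su - nextcloud -c "php7 -f /nextcloud/cron.php" > /dev/null`, or redirect it to a file that is collected. A one-line comment stating that the job runs every 15 minutes from `/etc/periodic/15min` would also help, since the script itself does not say how it is scheduled.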

105
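--- a/nextcloud/nginx.conf
+++ b/nextcloud/nginx.conf
@@ -0,0 +1,105 @@
+user nextcloud;
+worker_processes auto;
+pid /var/run/nginx.pid;
+daemon off;
+events {
+worker_connections 1024;
+use epoll;
+}
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+access_log off;
+error_log /var/log/nginx/error.log error;
+sendfile on;
+keepalive_timeout 15;
+keepalive_disable msie6;
+keepalive_requests 100;
+tcp_nopush on;
+tcp_nodelay on;
+server_tokens off;
+fastcgi_temp_path /tmp/fastcgi 1 2;
+client_body_temp_path /tmp/client_body 1 2;
+gzip on;
+gzip_comp_level 5;
+gzip_min_length 512;
+gzip_buffers 4 8k;
+gzip_proxied any;
+gzip_vary on;
+gzip_disable "msie6";
+gzip_types
+text/css
+text/javascript
+text/xml
+text/plain
+text/x-component
+application/javascript
+application/x-javascript
+application/json
+application/xml
+application/rss+xml
+application/vnd.ms-fontobject
+font/truetype
+font/opentype
+image/svg+xml;
+server {
+listen 80;
+index index.php;
+root /nextcloud;
+client_max_body_size 10G;
+fastcgi_buffers 64 4K;
+rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+error_page 403 /core/templates/403.php;
+error_page 404 /core/templates/404.php;
+add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;
+add_header X-Download-Options noopen;
+add_header X-Permitted-Cross-Domain-Policies none;
+location = /robots.txt {
+allow all;
+log_not_found off;
+access_log off;
+}
+location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
+deny all;
+}
+location / {
+rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+try_files $uri $uri/ index.php;
+}
+location ~ ^(.+?\.php)(/.*)?$ {
+try_files $1 = 404;
+include fastcgi_params;
+fastcgi_param modHeadersAvailable true;
+fastcgi_param SCRIPT_FILENAME $document_root$1;
+fastcgi_param PATH_INFO $2;
+fastcgi_pass unix:/var/run/php-fpm.sock;
+}
+location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
+expires 30d;
+access_log off;
+}
+}
+}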
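Review bot: In the PHP location, `try_files $1 = 404;` is parsed by nginx as three arguments, so `404` becomes a fallback URI for an internal redirect rather than a status code and `=` is tested as a file name; the guard that a script exists before the request reaches `fastcgi_pass` should read `try_files $1 =404;`. If the space is only an artefact of how this page renders the file, disregard this. The fallback in `location /`, `try_files $uri $uri/ index.php;`, likewise needs a leading slash (`/index.php`). The `Strict-Transport-Security` header with `includeSubDomains; preload` is baked into the image and therefore applies to every deployer's whole domain behind the proxy, which deserves a comment in the file or a narrower default.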

8
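--- a/nextcloud/opcache.ini
+++ b/nextcloud/opcache.ini
@@ -0,0 +1,8 @@
+zend_extension=opcache.so
+opcache.enable=1
+opcache.enable_cli=1
+opcache.fast_shutdown=1
+opcache.memory_consumption=256
+opcache.interned_strings_buffer=16
+opcache.max_accelerated_files=5413
+opcache.revalidate_freq=60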

16
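--- a/nextcloud/php-fpm.conf
+++ b/nextcloud/php-fpm.conf
@@ -0,0 +1,16 @@
+[global]
+daemonize = no
+[www]
+user = nextcloud
+group = nextcloud
+listen = /var/run/php-fpm.sock
+listen.owner = nextcloud
+listen.group = nextcloud
+pm = dynamic
+pm.max_children = 10
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /
+request_terminate_timeout = 300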

23
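--- a/nextcloud/run.sh
+++ b/nextcloud/run.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+addgroup -g ${GID} nextcloud && adduser -h /nextcloud -s /bin/sh -D -G nextcloud -u ${UID} nextcloud
+if [ -f /nextcloud/config/config.php ] && [ ! -f /config/config.php ]; then
+cp /nextcloud/config/config.php /config/config.php
+elif [ -f /config/config.php ]; then
+if [ -f /nextcloud/config/config.php ]; then
+sed -i "s/.*version.*/`grep "version" \/nextcloud\/config\/config.php`/" /config/config.php
+CONFIG=`md5sum /config/config.php | awk '{ print $1 }'`
+CONFIGINS=`md5sum /nextcloud/config/config.php | awk '{ print $1 }'`
+if [ $CONFIG != $CONFIGINS ]; then
+mv /nextcloud/config/config.php /config/config.php.bkp
+fi
+fi
+cp /config/config.php /nextcloud/config/config.php
+fi
+touch /var/run/php-fpm.sock
+mkdir /tmp/fastcgi /tmp/client_body
+chown -R nextcloud:nextcloud /nextcloud /data /config /apps2 /var/run/php-fpm.sock /var/lib/nginx /tmp
+ln -s /apps2 /nextcloud
+supervisord -c /etc/supervisor/supervisord.conf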
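Review bot: The `sed -i "s/.*version.*/…/"` line builds its replacement from a raw backtick `grep "version"` substitution, so a second matching line, or a `/`, `&` or backslash in the matched text, breaks or alters the substitution, and the pattern `.*version.*` rewrites every line of `/config/config.php` that merely mentions "version". Restrict both sides to the single config key, for example `grep -m1 "'version' =>"` (assuming the usual `'version' => '…',` form), and escape the replacement before handing it to sed. The comparison `[ $CONFIG != $CONFIGINS ]` should quote both operands, `[ "$CONFIG" != "$CONFIGINS" ]`, because an empty `md5sum` result otherwise becomes a test syntax error instead of a mismatch. The `mv … /config/config.php.bkp` step also overwrites the previous backup on every start where the files differ, which is worth stating in a comment.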


@ -0,0 +1,11 @@
[supervisord]
nodaemon=true
[program:cron]
command=crond -f
[program:php-fpm]
command=php-fpm7
[program:nginx]
command=nginx