hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-19 20:09:16 +00:00
Code Issues Projects Releases Wiki Activity

nextcloud: fix #102

Browse Source
This commit is contained in:
Wonderfall 2017-01-22 02:48:30 +01:00
parent 998ef53d70
commit 8ec09b74a0
30 changed files with 5 additions and 883 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
nextcloud/10.0-armhf/Dockerfile
View File

@ -1,122 +0,0 @@
FROM orax/alpine-armhf:edge
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG NEXTCLOUD_VERSION=10.0.2
ARG GNU_LIBICONV_VERSION=1.14
ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
ENV UID=991 GID=991 \
UPLOAD_MAX_SIZE=10G \
APC_SHM_SIZE=128M \
OPCACHE_MEM_SIZE=128 \
REDIS_MAX_MEMORY=64mb \
CRON_PERIOD=15m \
TZ=Etc/UTC \
DB_TYPE=sqlite3 \
ADMIN_USER=admin \
ADMIN_PASSWORD=admin
RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& BUILD_DEPS=" \
gnupg \
tar \
build-base \
autoconf \
automake \
libtool \
samba-dev" \
&& apk -U add \
${BUILD_DEPS} \
nginx \
s6 \
libressl \
ca-certificates \
libsmbclient \
samba-client \
su-exec \
tzdata \
redis \
php7@commuedge \
php7-fpm@commuedge \
php7-intl@commuedge \
php7-mbstring@commuedge \
php7-curl@commuedge \
php7-gd@commuedge \
php7-mcrypt@commuedge \
php7-opcache@commuedge \
php7-json@commuedge \
php7-session@commuedge \
php7-pdo@commuedge \
php7-dom@commuedge \
php7-ctype@commuedge \
php7-pdo_mysql@commuedge \
php7-pdo_pgsql@commuedge \
php7-pgsql@commuedge \
php7-pdo_sqlite@commuedge \
php7-sqlite3@commuedge \
php7-zlib@commuedge \
php7-zip@commuedge \
php7-xmlreader@commuedge \
php7-posix@commuedge \
php7-openssl@commuedge \
php7-ldap@commuedge \
php7-ftp@commuedge \
php7-pcntl@commuedge \
php7-exif@commuedge \
php7-apcu@testing \
php7-redis@testing \
php7-pear@commuedge \
php7-dev@commuedge \
&& sed -i "$ s|\-n||g" /usr/bin/pecl && pecl install smbclient \
&& cd /tmp && wget -q http://ftp.gnu.org/pub/gnu/libiconv/libiconv-${GNU_LIBICONV_VERSION}.tar.gz \
&& tar xzf libiconv-${GNU_LIBICONV_VERSION}.tar.gz && cd libiconv-${GNU_LIBICONV_VERSION} \
&& ./configure --prefix=/usr/local \
&& wget -q https://raw.githubusercontent.com/mxe/mxe/7e231efd245996b886b501dad780761205ecf376/src/libiconv-1-fixes.patch \
&& patch -p1 -u < libiconv-1-fixes.patch \
&& make && make install && libtool --finish /usr/local/lib && cd /tmp \
&& wget -q http://is1.php.net/get/php-7.0.13.tar.gz/from/this/mirror -O php7.tar.gz \
&& tar xzf php7.tar.gz && cd /tmp/php-7.0.13/ext/iconv && phpize7 \
&& ./configure --with-iconv=/usr/local --with-php-config=/usr/bin/php-config7 \
&& make && cp modules/iconv.so /usr/lib/php7/modules && cd /tmp \
&& echo "extension=iconv.so" > /etc/php7/conf.d/00_iconv.ini \
&& echo "extension=smbclient.so" > /etc/php7/conf.d/00_smbclient.ini \
&& mkdir /nextcloud \
&& NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL} \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.sha256 \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.asc \
&& wget -q https://nextcloud.com/nextcloud.asc \
&& echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \
&& CHECKSUM_STATE=$(echo -n $(sha256sum -c ${NEXTCLOUD_TARBALL}.sha256) | tail -c 2) \
&& if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \
&& gpg --import nextcloud.asc \
&& FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
&& if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
&& echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \
&& tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \
&& apk del ${BUILD_DEPS} php7-pear php7-dev \
&& rm -rf /var/cache/apk/* /tmp/* /root/.gnupg
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php7/php-fpm.conf
COPY opcache.ini /etc/php7/conf.d/00_opcache.ini
COPY apcu.ini /etc/php7/conf.d/apcu.ini
COPY redis.conf /etc/redis.conf
COPY run.sh /usr/local/bin/run.sh
COPY setup.sh /usr/local/bin/setup.sh
COPY occ /usr/local/bin/occ
COPY s6.d /etc/s6.d
RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
VOLUME /data /config /apps2 /var/lib/redis
EXPOSE 8888
LABEL description="A server software for creating file hosting services" \
nextcloud="Nextcloud v${NEXTCLOUD_VERSION}"
CMD ["run.sh"]

4
nextcloud/10.0-armhf/apcu.ini
View File

@ -1,4 +0,0 @@
extension=apcu.so
apc.enabled=1
apc.shm_size=<APC_SHM_SIZE>
apc.ttl=7200

113
nextcloud/10.0-armhf/nginx.conf
View File

@ -1,113 +0,0 @@
worker_processes auto;
pid /tmp/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /tmp/ngx_error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
fastcgi_temp_path /tmp/fastcgi 1 2;
client_body_temp_path /tmp/client_body 1 2;
proxy_temp_path /tmp/proxy 1 2;
uwsgi_temp_path /tmp/uwsgi 1 2;
scgi_temp_path /tmp/scgi 1 2;
gzip off;
server {
listen 8888;
root /nextcloud;
client_max_body_size <UPLOAD_MAX_SIZE>;
fastcgi_buffers 64 4K;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 1200;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}
}

2
nextcloud/10.0-armhf/occ
View File

@ -1,2 +0,0 @@
#!/bin/sh
su-exec $UID:$GID php7 /nextcloud/occ $@

8
nextcloud/10.0-armhf/opcache.ini
View File

@ -1,8 +0,0 @@
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.fast_shutdown=1
opcache.memory_consumption=<OPCACHE_MEM_SIZE>
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=5413
opcache.revalidate_freq=60

18
nextcloud/10.0-armhf/php-fpm.conf
View File

@ -1,18 +0,0 @@
[global]
daemonize = no
[www]
listen = /tmp/php-fpm.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 6
chdir = /
request_terminate_timeout = 0
env[PATH] = /usr/local/bin:/usr/bin:/bin
php_admin_value[post_max_size] = <UPLOAD_MAX_SIZE>
php_admin_value[upload_max_filesize] = <UPLOAD_MAX_SIZE>
php_admin_value[max_execution_time] = 10800
php_admin_value[max_input_time] = 3600
php_admin_value[expose_php] = Off

14
nextcloud/10.0-armhf/redis.conf
View File

@ -1,14 +0,0 @@
bind 127.0.0.1
protected-mode yes
port 0
unixsocket /tmp/redis.sock
unixsocketperm 700
daemonize no
pidfile /tmp/redis.pid
logfile /tmp/redis.log
save 900 1
save 300 10
save 60 10000
dbfilename dump.rdb
dir /var/lib/redis/
maxmemory <REDIS_MAX_MEMORY>

33
nextcloud/10.0-armhf/run.sh
View File

@ -1,33 +0,0 @@
#!/bin/sh
sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/php7/php-fpm.conf \
-e "s/<APC_SHM_SIZE>/$APC_SHM_SIZE/g" /etc/php7/conf.d/apcu.ini \
-e "s/<OPCACHE_MEM_SIZE>/$OPCACHE_MEM_SIZE/g" /etc/php7/conf.d/00_opcache.ini \
-e "s/<REDIS_MAX_MEMORY>/$REDIS_MAX_MEMORY/g" /etc/redis.conf \
-e "s/<CRON_PERIOD>/$CRON_PERIOD/g" /etc/s6.d/cron/run
# Put the configuration and apps into volumes
ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null
ln -sf /apps2 /nextcloud &>/dev/null
for dir in /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /var/lib/redis /tmp /etc/s6.d; do
if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then
chown -R $UID:$GID $dir
fi
done
if [ ! -f /config/config.php ]; then
# New installation, run the setup
/usr/local/bin/setup.sh
else
occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
occ maintenance:mode --off
echo "...which seemed to work."
fi
fi
exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d

3
nextcloud/10.0-armhf/s6.d/.s6-svscan/finish
View File

@ -1,3 +0,0 @@
#!/bin/sh
exit 0

6
nextcloud/10.0-armhf/s6.d/cron/run
View File

@ -1,6 +0,0 @@
#!/bin/sh
while true; do
php7 -f /nextcloud/cron.php
sleep <CRON_PERIOD>
done

2
nextcloud/10.0-armhf/s6.d/nginx/run
View File

@ -1,2 +0,0 @@
#!/bin/sh
exec nginx

2
nextcloud/10.0-armhf/s6.d/php/run
View File

@ -1,2 +0,0 @@
#!/bin/sh
exec php-fpm7

2
nextcloud/10.0-armhf/s6.d/redis/run
View File

@ -1,2 +0,0 @@
#!/bin/sh
exec redis-server /etc/redis.conf

112
nextcloud/10.0-armhf/setup.sh
View File

@ -1,112 +0,0 @@
#!/bin/sh
# Nextcloud
##########################
#source setup/functions.sh # load our functions
#source /etc/mailinabox.conf # load global vars
CONFIGFILE=/config/config.php
# Create an initial configuration file.
instanceid=oc$(echo $PRIMARY_HOSTNAME | sha1sum | fold -w 10 | head -n 1)
cat > $CONFIGFILE <<EOF;
<?php
\$CONFIG = array (
'datadirectory' => '/data',
"apps_paths" => array (
0 => array (
"path" => "/nextcloud/apps",
"url" => "/apps",
"writable" => false,
),
1 => array (
"path" => "/apps2",
"url" => "/apps2",
"writable" => true,
),
),
'memcache.local' => '\OC\Memcache\APCu',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => '/tmp/redis.sock',
'port' => 0,
'timeout' => 0.0,
),
'instanceid' => '$instanceid',
);
?>
EOF
# Create an auto-configuration file to fill in database settings
# when the install script is run. Make an administrator account
# here or else the install can't finish.
adminpassword=$(dd if=/dev/urandom bs=1 count=40 2>/dev/null | sha1sum | fold -w 30 | head -n 1)
cat > /nextcloud/config/autoconfig.php <<EOF;
<?php
\$AUTOCONFIG = array (
# storage/database
'directory' => '/data',
'dbtype' => '${DB_TYPE:-sqlite3}',
'dbname' => '${DB_NAME:-nextcloud}',
'dbuser' => '${DB_USER:-nextcloud}',
'dbpass' => '${DB_PASSWORD:-password}',
'dbhost' => '${DB_HOST:-nextcloud-db}',
'dbtableprefix' => 'oc_',
EOF
if [[ ! -z "$ADMIN_USER" ]]; then
cat >> /nextcloud/config/autoconfig.php <<EOF;
# create an administrator account with a random password so that
# the user does not have to enter anything on first load of ownCloud
'adminlogin' => '${ADMIN_USER}',
'adminpass' => '${ADMIN_PASSWORD}',
EOF
fi
cat >> /nextcloud/config/autoconfig.php <<EOF;
);
?>
EOF
echo "Starting automatic configuration..."
# Execute ownCloud's setup step, which creates the ownCloud database.
# It also wipes it if it exists. And it updates config.php with database
# settings and deletes the autoconfig.php file.
(cd /nextcloud; php7 index.php)
echo "Automatic configuration finished."
# Update config.php.
# * trusted_domains is reset to localhost by autoconfig starting with ownCloud 8.1.1,
# so set it here. It also can change if the box's PRIMARY_HOSTNAME changes, so
# this will make sure it has the right value.
# * Some settings weren't included in previous versions of Mail-in-a-Box.
# * We need to set the timezone to the system timezone to allow fail2ban to ban
# users within the proper timeframe
# * We need to set the logdateformat to something that will work correctly with fail2ban
# Use PHP to read the settings file, modify it, and write out the new settings array.
CONFIG_TEMP=$(/bin/mktemp)
php7 <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE
<?php
include("/config/config.php");
//\$CONFIG['memcache.local'] = '\\OC\\Memcache\\Memcached';
\$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches our master administrator address
\$CONFIG['logtimezone'] = '$TZ';
\$CONFIG['logdateformat'] = 'Y-m-d H:i:s';
echo "<?php\n\\\$CONFIG = ";
var_export(\$CONFIG);
echo ";";
?>
EOF
chown -R $UID:$GID /config /data
# Enable/disable apps. Note that this must be done after the ownCloud setup.
# The firstrunwizard gave Josh all sorts of problems, so disabling that.
# user_external is what allows ownCloud to use IMAP for login. The contacts
# and calendar apps are the extensions we really care about here.
occ app:disable firstrunwizard

122
nextcloud/10.0/Dockerfile
View File

@ -1,122 +0,0 @@
FROM alpine:edge
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG NEXTCLOUD_VERSION=10.0.2
ARG GNU_LIBICONV_VERSION=1.14
ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
ENV UID=991 GID=991 \
UPLOAD_MAX_SIZE=10G \
APC_SHM_SIZE=128M \
OPCACHE_MEM_SIZE=128 \
REDIS_MAX_MEMORY=64mb \
CRON_PERIOD=15m \
TZ=Etc/UTC \
DB_TYPE=sqlite3 \
ADMIN_USER=admin \
ADMIN_PASSWORD=admin
RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& BUILD_DEPS=" \
gnupg \
tar \
build-base \
autoconf \
automake \
libtool \
samba-dev" \
&& apk -U add \
${BUILD_DEPS} \
nginx \
s6 \
libressl \
ca-certificates \
libsmbclient \
samba-client \
su-exec \
tzdata \
redis \
php7@commuedge \
php7-fpm@commuedge \
php7-intl@commuedge \
php7-mbstring@commuedge \
php7-curl@commuedge \
php7-gd@commuedge \
php7-mcrypt@commuedge \
php7-opcache@commuedge \
php7-json@commuedge \
php7-session@commuedge \
php7-pdo@commuedge \
php7-dom@commuedge \
php7-ctype@commuedge \
php7-pdo_mysql@commuedge \
php7-pdo_pgsql@commuedge \
php7-pgsql@commuedge \
php7-pdo_sqlite@commuedge \
php7-sqlite3@commuedge \
php7-zlib@commuedge \
php7-zip@commuedge \
php7-xmlreader@commuedge \
php7-posix@commuedge \
php7-openssl@commuedge \
php7-ldap@commuedge \
php7-ftp@commuedge \
php7-pcntl@commuedge \
php7-exif@commuedge \
php7-apcu@testing \
php7-redis@testing \
php7-pear@commuedge \
php7-dev@commuedge \
&& sed -i "$ s|\-n||g" /usr/bin/pecl && pecl install smbclient \
&& cd /tmp && wget -q http://ftp.gnu.org/pub/gnu/libiconv/libiconv-${GNU_LIBICONV_VERSION}.tar.gz \
&& tar xzf libiconv-${GNU_LIBICONV_VERSION}.tar.gz && cd libiconv-${GNU_LIBICONV_VERSION} \
&& ./configure --prefix=/usr/local \
&& wget -q https://raw.githubusercontent.com/mxe/mxe/7e231efd245996b886b501dad780761205ecf376/src/libiconv-1-fixes.patch \
&& patch -p1 -u < libiconv-1-fixes.patch \
&& make && make install && libtool --finish /usr/local/lib && cd /tmp \
&& wget -q http://is1.php.net/get/php-7.0.13.tar.gz/from/this/mirror -O php7.tar.gz \
&& tar xzf php7.tar.gz && cd /tmp/php-7.0.13/ext/iconv && phpize7 \
&& ./configure --with-iconv=/usr/local --with-php-config=/usr/bin/php-config7 \
&& make && cp modules/iconv.so /usr/lib/php7/modules && cd /tmp \
&& echo "extension=iconv.so" > /etc/php7/conf.d/00_iconv.ini \
&& echo "extension=smbclient.so" > /etc/php7/conf.d/00_smbclient.ini \
&& mkdir /nextcloud \
&& NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL} \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.sha256 \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.asc \
&& wget -q https://nextcloud.com/nextcloud.asc \
&& echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \
&& CHECKSUM_STATE=$(echo -n $(sha256sum -c ${NEXTCLOUD_TARBALL}.sha256) | tail -c 2) \
&& if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \
&& gpg --import nextcloud.asc \
&& FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
&& if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
&& echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \
&& tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \
&& apk del ${BUILD_DEPS} php7-pear php7-dev \
&& rm -rf /var/cache/apk/* /tmp/* /root/.gnupg
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php7/php-fpm.conf
COPY opcache.ini /etc/php7/conf.d/00_opcache.ini
COPY apcu.ini /etc/php7/conf.d/apcu.ini
COPY redis.conf /etc/redis.conf
COPY run.sh /usr/local/bin/run.sh
COPY setup.sh /usr/local/bin/setup.sh
COPY occ /usr/local/bin/occ
COPY s6.d /etc/s6.d
RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
VOLUME /data /config /apps2 /var/lib/redis
EXPOSE 8888
LABEL description="A server software for creating file hosting services" \
nextcloud="Nextcloud v${NEXTCLOUD_VERSION}"
CMD ["run.sh"]

4
nextcloud/10.0/apcu.ini
View File

@ -1,4 +0,0 @@
extension=apcu.so
apc.enabled=1
apc.shm_size=<APC_SHM_SIZE>
apc.ttl=7200

113
nextcloud/10.0/nginx.conf
View File

@ -1,113 +0,0 @@
worker_processes auto;
pid /tmp/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /tmp/ngx_error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
fastcgi_temp_path /tmp/fastcgi 1 2;
client_body_temp_path /tmp/client_body 1 2;
proxy_temp_path /tmp/proxy 1 2;
uwsgi_temp_path /tmp/uwsgi 1 2;
scgi_temp_path /tmp/scgi 1 2;
gzip off;
server {
listen 8888;
root /nextcloud;
client_max_body_size <UPLOAD_MAX_SIZE>;
fastcgi_buffers 64 4K;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 1200;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}
}

2
nextcloud/10.0/occ
View File

@ -1,2 +0,0 @@
#!/bin/sh
su-exec $UID:$GID php7 /nextcloud/occ $@

8
nextcloud/10.0/opcache.ini
View File

@ -1,8 +0,0 @@
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.fast_shutdown=1
opcache.memory_consumption=<OPCACHE_MEM_SIZE>
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=5413
opcache.revalidate_freq=60

18
nextcloud/10.0/php-fpm.conf
View File

@ -1,18 +0,0 @@
[global]
daemonize = no
[www]
listen = /tmp/php-fpm.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 6
chdir = /
request_terminate_timeout = 0
env[PATH] = /usr/local/bin:/usr/bin:/bin
php_admin_value[post_max_size] = <UPLOAD_MAX_SIZE>
php_admin_value[upload_max_filesize] = <UPLOAD_MAX_SIZE>
php_admin_value[max_execution_time] = 10800
php_admin_value[max_input_time] = 3600
php_admin_value[expose_php] = Off

14
nextcloud/10.0/redis.conf
View File

@ -1,14 +0,0 @@
bind 127.0.0.1
protected-mode yes
port 0
unixsocket /tmp/redis.sock
unixsocketperm 700
daemonize no
pidfile /tmp/redis.pid
logfile /tmp/redis.log
save 900 1
save 300 10
save 60 10000
dbfilename dump.rdb
dir /var/lib/redis/
maxmemory <REDIS_MAX_MEMORY>

33
nextcloud/10.0/run.sh
View File

@ -1,33 +0,0 @@
#!/bin/sh
sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/php7/php-fpm.conf \
-e "s/<APC_SHM_SIZE>/$APC_SHM_SIZE/g" /etc/php7/conf.d/apcu.ini \
-e "s/<OPCACHE_MEM_SIZE>/$OPCACHE_MEM_SIZE/g" /etc/php7/conf.d/00_opcache.ini \
-e "s/<REDIS_MAX_MEMORY>/$REDIS_MAX_MEMORY/g" /etc/redis.conf \
-e "s/<CRON_PERIOD>/$CRON_PERIOD/g" /etc/s6.d/cron/run
# Put the configuration and apps into volumes
ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null
ln -sf /apps2 /nextcloud &>/dev/null
for dir in /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /var/lib/redis /tmp /etc/s6.d; do
if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then
chown -R $UID:$GID $dir
fi
done
if [ ! -f /config/config.php ]; then
# New installation, run the setup
/usr/local/bin/setup.sh
else
occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
occ maintenance:mode --off
echo "...which seemed to work."
fi
fi
exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d

3
nextcloud/10.0/s6.d/.s6-svscan/finish
View File

@ -1,3 +0,0 @@
#!/bin/sh
exit 0

6
nextcloud/10.0/s6.d/cron/run
View File

@ -1,6 +0,0 @@
#!/bin/sh
while true; do
php7 -f /nextcloud/cron.php
sleep <CRON_PERIOD>
done

2
nextcloud/10.0/s6.d/nginx/run
View File

@ -1,2 +0,0 @@
#!/bin/sh
exec nginx

2
nextcloud/10.0/s6.d/php/run
View File

@ -1,2 +0,0 @@
#!/bin/sh
exec php-fpm7

2
nextcloud/10.0/s6.d/redis/run
View File

@ -1,2 +0,0 @@
#!/bin/sh
exec redis-server /etc/redis.conf

112
nextcloud/10.0/setup.sh
View File

@ -1,112 +0,0 @@
#!/bin/sh
# Nextcloud
##########################
#source setup/functions.sh # load our functions
#source /etc/mailinabox.conf # load global vars
CONFIGFILE=/config/config.php
# Create an initial configuration file.
instanceid=oc$(echo $PRIMARY_HOSTNAME | sha1sum | fold -w 10 | head -n 1)
cat > $CONFIGFILE <<EOF;
<?php
\$CONFIG = array (
'datadirectory' => '/data',
"apps_paths" => array (
0 => array (
"path" => "/nextcloud/apps",
"url" => "/apps",
"writable" => false,
),
1 => array (
"path" => "/apps2",
"url" => "/apps2",
"writable" => true,
),
),
'memcache.local' => '\OC\Memcache\APCu',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => '/tmp/redis.sock',
'port' => 0,
'timeout' => 0.0,
),
'instanceid' => '$instanceid',
);
?>
EOF
# Create an auto-configuration file to fill in database settings
# when the install script is run. Make an administrator account
# here or else the install can't finish.
adminpassword=$(dd if=/dev/urandom bs=1 count=40 2>/dev/null | sha1sum | fold -w 30 | head -n 1)
cat > /nextcloud/config/autoconfig.php <<EOF;
<?php
\$AUTOCONFIG = array (
# storage/database
'directory' => '/data',
'dbtype' => '${DB_TYPE:-sqlite3}',
'dbname' => '${DB_NAME:-nextcloud}',
'dbuser' => '${DB_USER:-nextcloud}',
'dbpass' => '${DB_PASSWORD:-password}',
'dbhost' => '${DB_HOST:-nextcloud-db}',
'dbtableprefix' => 'oc_',
EOF
if [[ ! -z "$ADMIN_USER" ]]; then
cat >> /nextcloud/config/autoconfig.php <<EOF;
# create an administrator account with a random password so that
# the user does not have to enter anything on first load of ownCloud
'adminlogin' => '${ADMIN_USER}',
'adminpass' => '${ADMIN_PASSWORD}',
EOF
fi
cat >> /nextcloud/config/autoconfig.php <<EOF;
);
?>
EOF
echo "Starting automatic configuration..."
# Execute ownCloud's setup step, which creates the ownCloud database.
# It also wipes it if it exists. And it updates config.php with database
# settings and deletes the autoconfig.php file.
(cd /nextcloud; php7 index.php)
echo "Automatic configuration finished."
# Update config.php.
# * trusted_domains is reset to localhost by autoconfig starting with ownCloud 8.1.1,
# so set it here. It also can change if the box's PRIMARY_HOSTNAME changes, so
# this will make sure it has the right value.
# * Some settings weren't included in previous versions of Mail-in-a-Box.
# * We need to set the timezone to the system timezone to allow fail2ban to ban
# users within the proper timeframe
# * We need to set the logdateformat to something that will work correctly with fail2ban
# Use PHP to read the settings file, modify it, and write out the new settings array.
CONFIG_TEMP=$(/bin/mktemp)
php7 <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE
<?php
include("/config/config.php");
//\$CONFIG['memcache.local'] = '\\OC\\Memcache\\Memcached';
\$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches our master administrator address
\$CONFIG['logtimezone'] = '$TZ';
\$CONFIG['logdateformat'] = 'Y-m-d H:i:s';
echo "<?php\n\\\$CONFIG = ";
var_export(\$CONFIG);
echo ";";
?>
EOF
chown -R $UID:$GID /config /data
# Enable/disable apps. Note that this must be done after the ownCloud setup.
# The firstrunwizard gave Josh all sorts of problems, so disabling that.
# user_external is what allows ownCloud to use IMAP for login. The contacts
# and calendar apps are the extensions we really care about here.
occ app:disable firstrunwizard

2
nextcloud/11.0-armhf/run.sh
View File

@ -10,6 +10,8 @@ sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/ph
ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null
ln -sf /apps2 /nextcloud &>/dev/null
mv nextcloud fix && mv fix nextcloud # fix strange bug
echo "Updating permissions..."
for dir in /nextcloud/config /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /var/lib/redis /tmp /etc/s6.d; do
if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then

4
nextcloud/11.0/run.sh
View File

@ -10,8 +10,10 @@ sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/ph
ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null
ln -sf /apps2 /nextcloud &>/dev/null
mv nextcloud fix && mv fix nextcloud # fix strange bug
echo "Updating permissions..."
for dir in /nextcloud/config /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /var/lib/redis /tmp /etc/s6.d; do
for dir in /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /var/lib/redis /tmp /etc/s6.d; do
if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then
echo "Updating permissions in $dir..."
chown -R $UID:$GID $dir