diff --git a/nextcloud/11.0/Dockerfile b/nextcloud/11.0/Dockerfile index c2440e5..f4e7fee 100644 --- a/nextcloud/11.0/Dockerfile +++ b/nextcloud/11.0/Dockerfile @@ -1,8 +1,6 @@ -FROM alpine:3.5 +FROM wonderfall/nginx-php ARG NEXTCLOUD_VERSION=11.0.3 -ARG GNU_LIBICONV_VERSION=1.15 -ARG PHP_SOURCES_VERSION=7.0.18 ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" ENV UID=991 GID=991 \ @@ -27,60 +25,15 @@ RUN BUILD_DEPS=" \ samba-dev" \ && apk -U upgrade && apk add \ ${BUILD_DEPS} \ - nginx \ - s6 \ libressl \ ca-certificates \ libsmbclient \ - samba-client \ - su-exec \ tzdata \ - php7 \ - php7-fpm \ - php7-intl \ - php7-mbstring \ - php7-curl \ - php7-gd \ - php7-mcrypt \ - php7-opcache \ - php7-json \ - php7-session \ - php7-pdo \ - php7-dom \ - php7-ctype \ - php7-mysqlnd \ - php7-pdo_mysql \ - php7-pdo_pgsql \ - php7-pgsql \ - php7-pdo_sqlite \ - php7-sqlite3 \ - php7-zlib \ - php7-zip \ - php7-xmlreader \ - php7-xml \ - php7-posix \ - php7-openssl \ - php7-ldap \ - php7-imap \ - php7-ftp \ - php7-pcntl \ - php7-exif \ - php7-pear \ - php7-dev \ - && sed -i "$ s|\-n||g" /usr/bin/pecl && pecl install smbclient apcu redis \ - && cd /tmp && wget -q http://ftp.gnu.org/pub/gnu/libiconv/libiconv-${GNU_LIBICONV_VERSION}.tar.gz \ - && tar xzf libiconv-${GNU_LIBICONV_VERSION}.tar.gz && cd libiconv-${GNU_LIBICONV_VERSION} \ - && ./configure --prefix=/usr/local \ - && make && make install && libtool --finish /usr/local/lib && cd /tmp \ - && wget -q http://ch1.php.net/get/php-${PHP_SOURCES_VERSION}.tar.gz/from/this/mirror -O php7.tar.gz \ - && tar xzf php7.tar.gz && cd /tmp/php-${PHP_SOURCES_VERSION}/ext/iconv && phpize7 \ - && ./configure --with-iconv=/usr/local --with-php-config=/usr/bin/php-config7 \ - && make && cp modules/iconv.so /usr/lib/php7/modules && cd /tmp \ - && echo "extension=iconv.so" > /etc/php7/conf.d/00_iconv.ini \ - && echo "extension=smbclient.so" > /etc/php7/conf.d/00_smbclient.ini \ - && echo "extension=redis.so" > /etc/php7/conf.d/redis.ini \ - && sed -i 's|;session.save_path = "/tmp"|session.save_path = "/data/session"|g' /etc/php7/php.ini \ + && pecl install smbclient apcu redis \ + && echo "extension=smbclient.so" > /php/conf.d/smbclient.ini \ + && echo "extension=redis.so" > /php/conf.d/redis.ini \ && mkdir /nextcloud \ + && cd /tmp \ && NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL} \ && wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.sha512 \ @@ -96,17 +49,10 @@ RUN BUILD_DEPS=" \ && if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ && echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \ && tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \ - && apk del ${BUILD_DEPS} php7-pear php7-dev \ + && apk del ${BUILD_DEPS} \ && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg -COPY nginx.conf /etc/nginx/nginx.conf -COPY php-fpm.conf /etc/php7/php-fpm.conf -COPY opcache.ini /etc/php7/conf.d/00_opcache.ini -COPY apcu.ini /etc/php7/conf.d/apcu.ini -COPY run.sh /usr/local/bin/run.sh -COPY setup.sh /usr/local/bin/setup.sh -COPY occ /usr/local/bin/occ -COPY s6.d /etc/s6.d +COPY rootfs / RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* diff --git a/nextcloud/11.0/occ b/nextcloud/11.0/occ deleted file mode 100644 index bffa67a..0000000 --- a/nextcloud/11.0/occ +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -su-exec $UID:$GID php7 -d memory_limit= -f /nextcloud/occ $@ diff --git a/nextcloud/11.0/php-fpm.conf b/nextcloud/11.0/php-fpm.conf deleted file mode 100644 index c30057b..0000000 --- a/nextcloud/11.0/php-fpm.conf +++ /dev/null @@ -1,19 +0,0 @@ -[global] -daemonize = no - -[www] -listen = /tmp/php-fpm.sock -pm = dynamic -pm.max_children = 15 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 6 -chdir = / -request_terminate_timeout = 0 -env[PATH] = /usr/local/bin:/usr/bin:/bin -php_admin_value[post_max_size] = -php_admin_value[upload_max_filesize] = -php_admin_value[max_execution_time] = 10800 -php_admin_value[max_input_time] = 3600 -php_admin_value[expose_php] = Off -php_admin_value[memory_limit] = diff --git a/nextcloud/11.0/s6.d/.s6-svscan/finish b/nextcloud/11.0/rootfs/etc/s6.d/.s6-svscan/finish similarity index 100% rename from nextcloud/11.0/s6.d/.s6-svscan/finish rename to nextcloud/11.0/rootfs/etc/s6.d/.s6-svscan/finish diff --git a/nextcloud/11.0/rootfs/etc/s6.d/cron/run b/nextcloud/11.0/rootfs/etc/s6.d/cron/run new file mode 100644 index 0000000..2a3346b --- /dev/null +++ b/nextcloud/11.0/rootfs/etc/s6.d/cron/run @@ -0,0 +1,6 @@ +#!/bin/sh + +while true; do + php -d memory_limit= -f /nextcloud/cron.php + sleep +done diff --git a/nextcloud/11.0/rootfs/nginx/sites-enabled/nginx.conf b/nextcloud/11.0/rootfs/nginx/sites-enabled/nginx.conf new file mode 100644 index 0000000..6c07899 --- /dev/null +++ b/nextcloud/11.0/rootfs/nginx/sites-enabled/nginx.conf @@ -0,0 +1,76 @@ +server { + listen 8888; + root /nextcloud; + + fastcgi_buffers 64 4K; + + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + location / { + rewrite ^ /index.php$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { + include /nginx/conf/fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass unix:/php/run/php-fpm.sock; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + fastcgi_read_timeout 1200; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + location ~* \.(?:css|js)$ { + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=7200"; + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + access_log off; + } + + location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { + try_files $uri /index.php$uri$is_args$args; + access_log off; + } +} diff --git a/nextcloud/11.0/apcu.ini b/nextcloud/11.0/rootfs/php/conf.d/apcu.ini similarity index 100% rename from nextcloud/11.0/apcu.ini rename to nextcloud/11.0/rootfs/php/conf.d/apcu.ini diff --git a/nextcloud/11.0/opcache.ini b/nextcloud/11.0/rootfs/php/conf.d/opcache.ini similarity index 100% rename from nextcloud/11.0/opcache.ini rename to nextcloud/11.0/rootfs/php/conf.d/opcache.ini diff --git a/nextcloud/11.0/rootfs/usr/local/bin/occ b/nextcloud/11.0/rootfs/usr/local/bin/occ new file mode 100644 index 0000000..3525d30 --- /dev/null +++ b/nextcloud/11.0/rootfs/usr/local/bin/occ @@ -0,0 +1,2 @@ +#!/bin/sh +su-exec $UID:$GID php -d memory_limit= -f /nextcloud/occ $@ diff --git a/nextcloud/daily/run.sh b/nextcloud/11.0/rootfs/usr/local/bin/run.sh similarity index 70% rename from nextcloud/daily/run.sh rename to nextcloud/11.0/rootfs/usr/local/bin/run.sh index db851d8..6c64503 100644 --- a/nextcloud/daily/run.sh +++ b/nextcloud/11.0/rootfs/usr/local/bin/run.sh @@ -1,12 +1,12 @@ #!/bin/sh -sed -i -e "s//$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/php7/php-fpm.conf \ - -e "s//$MEMORY_LIMIT/g" /etc/php7/php-fpm.conf \ - -e "s//$APC_SHM_SIZE/g" /etc/php7/conf.d/apcu.ini \ - -e "s//$OPCACHE_MEM_SIZE/g" /etc/php7/conf.d/00_opcache.ini \ +sed -i -e "s//$APC_SHM_SIZE/g" /php/conf.d/apcu.ini \ + -e "s//$OPCACHE_MEM_SIZE/g" /php/conf.d/opcache.ini \ -e "s//$CRON_MEMORY_LIMIT/g" /etc/s6.d/cron/run \ -e "s//$CRON_PERIOD/g" /etc/s6.d/cron/run \ - -e "s//$MEMORY_LIMIT/g" /usr/local/bin/occ + -e "s//$MEMORY_LIMIT/g" /usr/local/bin/occ \ + -e "s//$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \ + -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf # Put the configuration and apps into volumes ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null @@ -18,7 +18,7 @@ if [ ! -d /data/session ]; then fi echo "Updating permissions..." -for dir in /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d; do +for dir in /nextcloud /data /config /apps2 /var/log /php /nginx /tmp /etc/s6.d; do if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then echo "Updating permissions in $dir..." chown -R $UID:$GID $dir @@ -32,7 +32,7 @@ if [ ! -f /config/config.php ]; then # New installation, run the setup /usr/local/bin/setup.sh else - if [ $(occ | head -n 1 | grep -ic "Nextcloud version.*") == "1" ] ; then + if [ $(occ | head -n 1 | grep -ic "Nextcloud version.*") == "1" ] ; then occ upgrade if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then echo "Trying Nextcloud upgrade again to work around Nextcloud upgrade bug..." diff --git a/nextcloud/11.0/setup.sh b/nextcloud/11.0/rootfs/usr/local/bin/setup.sh similarity index 97% rename from nextcloud/11.0/setup.sh rename to nextcloud/11.0/rootfs/usr/local/bin/setup.sh index bf74314..df29992 100755 --- a/nextcloud/11.0/setup.sh +++ b/nextcloud/11.0/rootfs/usr/local/bin/setup.sh @@ -67,7 +67,7 @@ echo "Starting automatic configuration..." # Execute ownCloud's setup step, which creates the ownCloud database. # It also wipes it if it exists. And it updates config.php with database # settings and deletes the autoconfig.php file. -(cd /nextcloud; php7 index.php &>/dev/null) +(cd /nextcloud; php index.php &>/dev/null) echo "Automatic configuration finished." # Update config.php. @@ -81,7 +81,7 @@ echo "Automatic configuration finished." # Use PHP to read the settings file, modify it, and write out the new settings array. CONFIG_TEMP=$(/bin/mktemp) -php7 < $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE +php < $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE -f /nextcloud/cron.php - sleep -done diff --git a/nextcloud/11.0/s6.d/nginx/run b/nextcloud/11.0/s6.d/nginx/run deleted file mode 100644 index eaf8049..0000000 --- a/nextcloud/11.0/s6.d/nginx/run +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -exec nginx diff --git a/nextcloud/11.0/s6.d/php/run b/nextcloud/11.0/s6.d/php/run deleted file mode 100644 index e238021..0000000 --- a/nextcloud/11.0/s6.d/php/run +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -exec php-fpm7 diff --git a/nextcloud/daily/Dockerfile b/nextcloud/daily/Dockerfile index 5b649c5..3c3cdb4 100644 --- a/nextcloud/daily/Dockerfile +++ b/nextcloud/daily/Dockerfile @@ -1,7 +1,4 @@ -FROM alpine:3.5 - -ARG GNU_LIBICONV_VERSION=1.15 -ARG PHP_SOURCES_VERSION=7.0.18 +FROM wonderfall/nginx-php ENV UID=991 GID=991 \ UPLOAD_MAX_SIZE=10G \ @@ -14,8 +11,7 @@ ENV UID=991 GID=991 \ DB_TYPE=sqlite3 \ DOMAIN=localhost -RUN echo " https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ - && BUILD_DEPS=" \ +RUN BUILD_DEPS=" \ gnupg \ tar \ build-base \ @@ -26,62 +22,15 @@ RUN echo " https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositor samba-dev" \ && apk -U upgrade && apk add \ ${BUILD_DEPS} \ - nginx \ - s6 \ libressl \ ca-certificates \ libsmbclient \ - samba-client \ - su-exec \ tzdata \ - php7 \ - php7-fpm \ - php7-intl \ - php7-mbstring \ - php7-curl \ - php7-gd \ - php7-fileinfo \ - php7-mcrypt \ - php7-opcache \ - php7-json \ - php7-session \ - php7-pdo \ - php7-dom \ - php7-ctype \ - php7-mysqlnd \ - php7-pdo_mysql \ - php7-pdo_pgsql \ - php7-pgsql \ - php7-pdo_sqlite \ - php7-sqlite3 \ - php7-zlib \ - php7-zip \ - php7-xmlreader \ - php7-xml \ - php7-xmlwriter \ - php7-posix \ - php7-openssl \ - php7-ldap \ - php7-imap \ - php7-ftp \ - php7-pcntl \ - php7-exif \ - php7-pear \ - php7-dev \ && pecl install smbclient apcu redis \ - && cd /tmp && wget -q http://ftp.gnu.org/pub/gnu/libiconv/libiconv-${GNU_LIBICONV_VERSION}.tar.gz \ - && tar xzf libiconv-${GNU_LIBICONV_VERSION}.tar.gz && cd libiconv-${GNU_LIBICONV_VERSION} \ - && ./configure --prefix=/usr/local \ - && make && make install && libtool --finish /usr/local/lib && cd /tmp \ - && wget -q http://is1.php.net/get/php-${PHP_SOURCES_VERSION}.tar.gz/from/this/mirror -O php7.tar.gz \ - && tar xzf php7.tar.gz && cd /tmp/php-${PHP_SOURCES_VERSION}/ext/iconv && phpize7 \ - && ./configure --with-iconv=/usr/local --with-php-config=/usr/bin/php-config7 \ - && make && cp modules/iconv.so /usr/lib/php7/modules && cd /tmp \ - && echo "extension=iconv.so" > /etc/php7/conf.d/00_iconv.ini \ - && echo "extension=smbclient.so" > /etc/php7/conf.d/00_smbclient.ini \ - && echo "extension=redis.so" > /etc/php7/conf.d/redis.ini \ - && sed -i 's|;session.save_path = "/tmp"|session.save_path = "/data/session"|g' /etc/php7/php.ini \ + && echo "extension=smbclient.so" > /php/conf.d/smbclient.ini \ + && echo "extension=redis.so" > /php/conf.d/redis.ini \ && mkdir /nextcloud \ + && cd /tmp \ && wget -q https://download.nextcloud.com/server/daily/latest.tar.bz2 \ && echo "Verifying checksum of latest.tar.bz2..." \ && wget -q https://download.nextcloud.com/server/daily/latest.tar.bz2.sha512 \ @@ -90,25 +39,18 @@ RUN echo " https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositor && if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \ && tar xjf latest.tar.bz2 --strip 1 -C /nextcloud \ && apk del ${BUILD_DEPS} php7-pear php7-dev \ - && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg + && rm -rf /var/cache/apk/* /tmp/* -COPY nginx.conf /etc/nginx/nginx.conf -COPY php-fpm.conf /etc/php7/php-fpm.conf -COPY opcache.ini /etc/php7/conf.d/00_opcache.ini -COPY apcu.ini /etc/php7/conf.d/apcu.ini -COPY run.sh /usr/local/bin/run.sh -COPY setup.sh /usr/local/bin/setup.sh -COPY occ /usr/local/bin/occ -COPY s6.d /etc/s6.d +COPY rootfs / RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* -VOLUME /data /config /apps2 /nextcloud/themes +VOLUME /data /config /apps2 /nextcloud/themes /php/session EXPOSE 8888 LABEL description="A server software for creating file hosting services" \ - nextcloud="Nextcloud daily build" \ + nextcloud="Nextcloud daily" \ maintainer="Wonderfall " CMD ["run.sh"] diff --git a/nextcloud/daily/occ b/nextcloud/daily/occ deleted file mode 100644 index bffa67a..0000000 --- a/nextcloud/daily/occ +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -su-exec $UID:$GID php7 -d memory_limit= -f /nextcloud/occ $@ diff --git a/nextcloud/daily/php-fpm.conf b/nextcloud/daily/php-fpm.conf deleted file mode 100644 index c30057b..0000000 --- a/nextcloud/daily/php-fpm.conf +++ /dev/null @@ -1,19 +0,0 @@ -[global] -daemonize = no - -[www] -listen = /tmp/php-fpm.sock -pm = dynamic -pm.max_children = 15 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 6 -chdir = / -request_terminate_timeout = 0 -env[PATH] = /usr/local/bin:/usr/bin:/bin -php_admin_value[post_max_size] = -php_admin_value[upload_max_filesize] = -php_admin_value[max_execution_time] = 10800 -php_admin_value[max_input_time] = 3600 -php_admin_value[expose_php] = Off -php_admin_value[memory_limit] = diff --git a/nextcloud/daily/s6.d/.s6-svscan/finish b/nextcloud/daily/rootfs/etc/s6.d/.s6-svscan/finish similarity index 100% rename from nextcloud/daily/s6.d/.s6-svscan/finish rename to nextcloud/daily/rootfs/etc/s6.d/.s6-svscan/finish diff --git a/nextcloud/daily/rootfs/etc/s6.d/cron/run b/nextcloud/daily/rootfs/etc/s6.d/cron/run new file mode 100644 index 0000000..2a3346b --- /dev/null +++ b/nextcloud/daily/rootfs/etc/s6.d/cron/run @@ -0,0 +1,6 @@ +#!/bin/sh + +while true; do + php -d memory_limit= -f /nextcloud/cron.php + sleep +done diff --git a/nextcloud/daily/rootfs/nginx/sites-enabled/nginx.conf b/nextcloud/daily/rootfs/nginx/sites-enabled/nginx.conf new file mode 100644 index 0000000..6c07899 --- /dev/null +++ b/nextcloud/daily/rootfs/nginx/sites-enabled/nginx.conf @@ -0,0 +1,76 @@ +server { + listen 8888; + root /nextcloud; + + fastcgi_buffers 64 4K; + + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + location / { + rewrite ^ /index.php$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { + include /nginx/conf/fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass unix:/php/run/php-fpm.sock; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + fastcgi_read_timeout 1200; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + location ~* \.(?:css|js)$ { + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=7200"; + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + access_log off; + } + + location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { + try_files $uri /index.php$uri$is_args$args; + access_log off; + } +} diff --git a/nextcloud/daily/apcu.ini b/nextcloud/daily/rootfs/php/conf.d/apcu.ini similarity index 100% rename from nextcloud/daily/apcu.ini rename to nextcloud/daily/rootfs/php/conf.d/apcu.ini diff --git a/nextcloud/daily/opcache.ini b/nextcloud/daily/rootfs/php/conf.d/opcache.ini similarity index 100% rename from nextcloud/daily/opcache.ini rename to nextcloud/daily/rootfs/php/conf.d/opcache.ini diff --git a/nextcloud/daily/rootfs/usr/local/bin/occ b/nextcloud/daily/rootfs/usr/local/bin/occ new file mode 100644 index 0000000..3525d30 --- /dev/null +++ b/nextcloud/daily/rootfs/usr/local/bin/occ @@ -0,0 +1,2 @@ +#!/bin/sh +su-exec $UID:$GID php -d memory_limit= -f /nextcloud/occ $@ diff --git a/nextcloud/11.0/run.sh b/nextcloud/daily/rootfs/usr/local/bin/run.sh similarity index 70% rename from nextcloud/11.0/run.sh rename to nextcloud/daily/rootfs/usr/local/bin/run.sh index 223e6e4..6c64503 100644 --- a/nextcloud/11.0/run.sh +++ b/nextcloud/daily/rootfs/usr/local/bin/run.sh @@ -1,12 +1,12 @@ #!/bin/sh -sed -i -e "s//$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/php7/php-fpm.conf \ - -e "s//$MEMORY_LIMIT/g" /etc/php7/php-fpm.conf \ - -e "s//$APC_SHM_SIZE/g" /etc/php7/conf.d/apcu.ini \ - -e "s//$OPCACHE_MEM_SIZE/g" /etc/php7/conf.d/00_opcache.ini \ +sed -i -e "s//$APC_SHM_SIZE/g" /php/conf.d/apcu.ini \ + -e "s//$OPCACHE_MEM_SIZE/g" /php/conf.d/opcache.ini \ -e "s//$CRON_MEMORY_LIMIT/g" /etc/s6.d/cron/run \ -e "s//$CRON_PERIOD/g" /etc/s6.d/cron/run \ - -e "s//$MEMORY_LIMIT/g" /usr/local/bin/occ + -e "s//$MEMORY_LIMIT/g" /usr/local/bin/occ \ + -e "s//$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \ + -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf # Put the configuration and apps into volumes ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null @@ -18,7 +18,7 @@ if [ ! -d /data/session ]; then fi echo "Updating permissions..." -for dir in /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d; do +for dir in /nextcloud /data /config /apps2 /var/log /php /nginx /tmp /etc/s6.d; do if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then echo "Updating permissions in $dir..." chown -R $UID:$GID $dir @@ -32,7 +32,7 @@ if [ ! -f /config/config.php ]; then # New installation, run the setup /usr/local/bin/setup.sh else - if [ $(occ | head -n 1 | grep -ic "Nextcloud version.*") == "1" ] ; then + if [ $(occ | head -n 1 | grep -ic "Nextcloud version.*") == "1" ] ; then occ upgrade if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then echo "Trying Nextcloud upgrade again to work around Nextcloud upgrade bug..." diff --git a/nextcloud/daily/setup.sh b/nextcloud/daily/rootfs/usr/local/bin/setup.sh similarity index 97% rename from nextcloud/daily/setup.sh rename to nextcloud/daily/rootfs/usr/local/bin/setup.sh index bf74314..df29992 100755 --- a/nextcloud/daily/setup.sh +++ b/nextcloud/daily/rootfs/usr/local/bin/setup.sh @@ -67,7 +67,7 @@ echo "Starting automatic configuration..." # Execute ownCloud's setup step, which creates the ownCloud database. # It also wipes it if it exists. And it updates config.php with database # settings and deletes the autoconfig.php file. -(cd /nextcloud; php7 index.php &>/dev/null) +(cd /nextcloud; php index.php &>/dev/null) echo "Automatic configuration finished." # Update config.php. @@ -81,7 +81,7 @@ echo "Automatic configuration finished." # Use PHP to read the settings file, modify it, and write out the new settings array. CONFIG_TEMP=$(/bin/mktemp) -php7 < $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE +php < $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE -f /nextcloud/cron.php - sleep -done diff --git a/nextcloud/daily/s6.d/nginx/run b/nextcloud/daily/s6.d/nginx/run deleted file mode 100644 index eaf8049..0000000 --- a/nextcloud/daily/s6.d/nginx/run +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -exec nginx diff --git a/nextcloud/daily/s6.d/php/run b/nextcloud/daily/s6.d/php/run deleted file mode 100644 index e238021..0000000 --- a/nextcloud/daily/s6.d/php/run +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -exec php-fpm7