diff --git a/nextcloud/Dockerfile b/nextcloud/9.0/Dockerfile similarity index 93% rename from nextcloud/Dockerfile rename to nextcloud/9.0/Dockerfile index 2e2b218..b2df326 100644 --- a/nextcloud/Dockerfile +++ b/nextcloud/9.0/Dockerfile @@ -8,12 +8,13 @@ ENV GID=991 UID=991 RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ && echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ - && BUILD_DEPS="gnupg tar ca-certificates" \ + && BUILD_DEPS="gnupg tar" \ && apk -U add \ ${BUILD_DEPS} \ nginx \ supervisor \ openssl \ + ca-certificates \ tini@commuedge \ php7@testing \ php7-fpm@testing \ @@ -54,15 +55,13 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a && if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ && echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \ && tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \ - && sed -i "s/;env\[PATH\]/env\[PATH\]/g" /etc/php7/php-fpm.d/www.conf \ - && rm /etc/php7/conf.d/apcu.ini \ && apk del ${BUILD_DEPS} \ && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg COPY nginx.conf /etc/nginx/nginx.conf COPY php-fpm.conf /etc/php7/php-fpm.conf COPY opcache.ini /etc/php7/conf.d/00_opcache.ini -COPY apcu.ini /etc/php7/conf.d/00_apcu.ini +COPY apcu.ini /etc/php7/conf.d/apcu.ini COPY supervisord.conf /etc/supervisor/supervisord.conf COPY run.sh /usr/local/bin/run.sh COPY cron /etc/periodic/15min/nextcloud diff --git a/nextcloud/apcu.ini b/nextcloud/9.0/apcu.ini similarity index 100% rename from nextcloud/apcu.ini rename to nextcloud/9.0/apcu.ini diff --git a/nextcloud/cron b/nextcloud/9.0/cron similarity index 100% rename from nextcloud/cron rename to nextcloud/9.0/cron diff --git a/nextcloud/nginx.conf b/nextcloud/9.0/nginx.conf similarity index 100% rename from nextcloud/nginx.conf rename to nextcloud/9.0/nginx.conf diff --git a/nextcloud/opcache.ini b/nextcloud/9.0/opcache.ini similarity index 100% rename from nextcloud/opcache.ini rename to nextcloud/9.0/opcache.ini diff --git a/nextcloud/php-fpm.conf b/nextcloud/9.0/php-fpm.conf similarity index 100% rename from nextcloud/php-fpm.conf rename to nextcloud/9.0/php-fpm.conf diff --git a/nextcloud/run.sh b/nextcloud/9.0/run.sh similarity index 100% rename from nextcloud/run.sh rename to nextcloud/9.0/run.sh diff --git a/nextcloud/supervisord.conf b/nextcloud/9.0/supervisord.conf similarity index 100% rename from nextcloud/supervisord.conf rename to nextcloud/9.0/supervisord.conf diff --git a/nextcloud/README.md b/nextcloud/README.md index c932f92..8b63223 100644 --- a/nextcloud/README.md +++ b/nextcloud/README.md @@ -2,7 +2,7 @@ ![](https://pix.schrodinger.io/lwq5gNX5/mSPk3B7c.png) -#### Features +##### Features - Based on **Alpine Linux** (edge). - Image built upon recommendations (sha256 sum + PGP). - **Ready to update** : data and apps persistence. @@ -15,6 +15,11 @@ This image is meant to be used behind a secure reverse proxy. +#### Tags +- **latest** : latest stable version. +- **9.0** : latest 9.0.x version. +- **daily** : latest code. + #### Build-time variables - **NEXTCLOUD_VERSION** : version of nextcloud - **APCU_VERSION** : version of apcu pecl ext diff --git a/nextcloud/daily/Dockerfile b/nextcloud/daily/Dockerfile new file mode 100644 index 0000000..0ba27f8 --- /dev/null +++ b/nextcloud/daily/Dockerfile @@ -0,0 +1,62 @@ +FROM alpine:edge +MAINTAINER Wonderfall + +ENV GID=991 UID=991 + +RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ + && echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ + && BUILD_DEPS="tar" \ + && apk -U add \ + ${BUILD_DEPS} \ + nginx \ + supervisor \ + openssl \ + ca-certificates \ + tini@commuedge \ + php7@testing \ + php7-fpm@testing \ + php7-intl@testing \ + php7-mbstring@testing \ + php7-curl@testing \ + php7-gd@testing \ + php7-mcrypt@testing \ + php7-opcache@testing \ + php7-json@testing \ + php7-session@testing \ + php7-pdo@testing \ + php7-dom@testing \ + php7-ctype@testing \ + php7-iconv@testing \ + php7-pdo_mysql@testing \ + php7-pgsql@testing \ + php7-zlib@testing \ + php7-zip@testing \ + php7-xmlreader@testing \ + php7-posix@testing \ + php7-openssl@testing \ + php7-ldap@testing \ + php7-apcu@testing \ + && mkdir /nextcloud && cd /tmp \ + && wget -q https://download.nextcloud.com/server/daily/latest.tar.bz2 \ + && tar xjf latest.tar.bz2 --strip 1 -C /nextcloud \ + && apk del ${BUILD_DEPS} \ + && rm -rf /var/cache/apk/* /tmp/* + +COPY nginx.conf /etc/nginx/nginx.conf +COPY php-fpm.conf /etc/php7/php-fpm.conf +COPY opcache.ini /etc/php7/conf.d/00_opcache.ini +COPY apcu.ini /etc/php7/conf.d/apcu.ini +COPY supervisord.conf /etc/supervisor/supervisord.conf +COPY run.sh /usr/local/bin/run.sh +COPY cron /etc/periodic/15min/nextcloud + +RUN chmod +x /usr/local/bin/run.sh /etc/periodic/15min/nextcloud + +VOLUME /data /config /apps2 + +EXPOSE 80 + +LABEL description="A server software for creating file hosting services" \ + nextcloud="Nextcloud daily build" + +CMD ["/sbin/tini","--","run.sh"] diff --git a/nextcloud/daily/apcu.ini b/nextcloud/daily/apcu.ini new file mode 100644 index 0000000..03f5011 --- /dev/null +++ b/nextcloud/daily/apcu.ini @@ -0,0 +1,4 @@ +extension=apcu.so +apc.enabled=1 +apc.shm_size=128M +apc.ttl=7200 diff --git a/nextcloud/daily/cron b/nextcloud/daily/cron new file mode 100644 index 0000000..8d5ad0a --- /dev/null +++ b/nextcloud/daily/cron @@ -0,0 +1,2 @@ +#!/bin/sh +su - nextcloud -c "php7 -f /nextcloud/cron.php" > /dev/null 2>&1 diff --git a/nextcloud/daily/nginx.conf b/nextcloud/daily/nginx.conf new file mode 100644 index 0000000..0415d4d --- /dev/null +++ b/nextcloud/daily/nginx.conf @@ -0,0 +1,105 @@ +user nextcloud; +worker_processes auto; +pid /var/run/nginx.pid; +daemon off; + +events { + worker_connections 1024; + use epoll; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log off; + error_log /var/log/nginx/error.log error; + + sendfile on; + keepalive_timeout 15; + keepalive_disable msie6; + keepalive_requests 100; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + + fastcgi_temp_path /tmp/fastcgi 1 2; + client_body_temp_path /tmp/client_body 1 2; + + gzip on; + gzip_comp_level 5; + gzip_min_length 512; + gzip_buffers 4 8k; + gzip_proxied any; + gzip_vary on; + gzip_disable "msie6"; + gzip_types + text/css + text/javascript + text/xml + text/plain + text/x-component + application/javascript + application/x-javascript + application/json + application/xml + application/rss+xml + application/vnd.ms-fontobject + font/truetype + font/opentype + image/svg+xml; + + server { + listen 80; + index index.php; + root /nextcloud; + client_max_body_size 10G; + fastcgi_buffers 64 4K; + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ ^/(data|config|\.ht|db_structure\.xml|README) { + deny all; + } + + location / { + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ index.php; + } + + location ~ ^(.+?\.php)(/.*)?$ { + try_files $1 = 404; + include fastcgi_params; + fastcgi_param modHeadersAvailable true; + fastcgi_param SCRIPT_FILENAME $document_root$1; + fastcgi_param PATH_INFO $2; + fastcgi_pass unix:/var/run/php-fpm.sock; + } + + location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { + expires 30d; + access_log off; + } + } +} diff --git a/nextcloud/daily/opcache.ini b/nextcloud/daily/opcache.ini new file mode 100644 index 0000000..861ea15 --- /dev/null +++ b/nextcloud/daily/opcache.ini @@ -0,0 +1,8 @@ +zend_extension=opcache.so +opcache.enable=1 +opcache.enable_cli=1 +opcache.fast_shutdown=1 +opcache.memory_consumption=128 +opcache.interned_strings_buffer=16 +opcache.max_accelerated_files=5413 +opcache.revalidate_freq=60 diff --git a/nextcloud/daily/php-fpm.conf b/nextcloud/daily/php-fpm.conf new file mode 100644 index 0000000..8570cd1 --- /dev/null +++ b/nextcloud/daily/php-fpm.conf @@ -0,0 +1,17 @@ +[global] +daemonize = no + +[www] +user = nextcloud +group = nextcloud +listen = /var/run/php-fpm.sock +listen.owner = nextcloud +listen.group = nextcloud +pm = dynamic +pm.max_children = 10 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 +chdir = / +request_terminate_timeout = 300 +env[PATH] = /usr/local/bin:/usr/bin:/bin diff --git a/nextcloud/daily/run.sh b/nextcloud/daily/run.sh new file mode 100644 index 0000000..9885eb7 --- /dev/null +++ b/nextcloud/daily/run.sh @@ -0,0 +1,23 @@ +#!/bin/sh +addgroup -g ${GID} nextcloud && adduser -h /nextcloud -s /bin/sh -D -G nextcloud -u ${UID} nextcloud + +if [ -f /nextcloud/config/config.php ] && [ ! -f /config/config.php ]; then + cp /nextcloud/config/config.php /config/config.php +elif [ -f /config/config.php ]; then + if [ -f /nextcloud/config/config.php ]; then + sed -i "s/.*version.*/`grep "version" \/nextcloud\/config\/config.php`/" /config/config.php + CONFIG=`md5sum /config/config.php | awk '{ print $1 }'` + CONFIGINS=`md5sum /nextcloud/config/config.php | awk '{ print $1 }'` + if [ $CONFIG != $CONFIGINS ]; then + mv /nextcloud/config/config.php /config/config.php.bkp + fi + fi + cp /config/config.php /nextcloud/config/config.php +fi + +touch /var/run/php-fpm.sock +mkdir /tmp/fastcgi /tmp/client_body +chown -R nextcloud:nextcloud /nextcloud /data /config /apps2 /var/run/php-fpm.sock /var/lib/nginx /tmp +ln -s /apps2 /nextcloud + +supervisord -c /etc/supervisor/supervisord.conf diff --git a/nextcloud/daily/supervisord.conf b/nextcloud/daily/supervisord.conf new file mode 100644 index 0000000..bbabd57 --- /dev/null +++ b/nextcloud/daily/supervisord.conf @@ -0,0 +1,11 @@ +[supervisord] +nodaemon=true + +[program:cron] +command=crond -f + +[program:php-fpm] +command=php-fpm7 + +[program:nginx] +command=nginx