hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-20 04:19:18 +00:00
Code Issues Projects Releases Wiki Activity

nextcloud: add armhf support

Browse Source
This commit is contained in:
Wonderfall 2016-10-14 12:30:30 +02:00
parent 22891abe06
commit bfad6e5851
25 changed files with 818 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
nextcloud/10.0-armhf/Dockerfile Normal file
View File

@ -0,0 +1,115 @@
FROM orax/alpine-armhf:edge
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG NEXTCLOUD_VERSION=10.0.1
ARG GNU_LIBICONV_VERSION=1.14
ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
ENV UID=991 GID=991 \
UPLOAD_MAX_SIZE=10G \
APC_SHM_SIZE=64M \
OPCACHE_MEM_SIZE=64 \
CRON_PERIOD=15m \
TZ=Etc/UTC \
DB_TYPE=sqlite3 \
ADMIN_USER=admin \
ADMIN_PASSWORD=admin
RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& BUILD_DEPS=" \
gnupg \
tar \
build-base \
autoconf \
automake \
libtool" \
&& apk -U add \
${BUILD_DEPS} \
nginx \
s6 \
libressl \
ca-certificates \
libsmbclient \
samba-client \
su-exec \
tzdata \
php7@commuedge \
php7-fpm@commuedge \
php7-intl@commuedge \
php7-mbstring@commuedge \
php7-curl@commuedge \
php7-gd@commuedge \
php7-mcrypt@commuedge \
php7-opcache@commuedge \
php7-json@commuedge \
php7-session@commuedge \
php7-pdo@commuedge \
php7-dom@commuedge \
php7-ctype@commuedge \
php7-pdo_mysql@commuedge \
php7-pdo_pgsql@commuedge \
php7-pgsql@commuedge \
php7-pdo_sqlite@commuedge \
php7-sqlite3@commuedge \
php7-zlib@commuedge \
php7-zip@commuedge \
php7-xmlreader@commuedge \
php7-posix@commuedge \
php7-openssl@commuedge \
php7-ldap@commuedge \
php7-ftp@commuedge \
php7-pcntl@commuedge \
php7-apcu@testing \
php7-redis@testing \
php7-pear@commuedge \
php7-dev@commuedge \
&& mkdir /nextcloud && cd /tmp \
&& wget -q http://ftp.gnu.org/pub/gnu/libiconv/libiconv-${GNU_LIBICONV_VERSION}.tar.gz \
&& tar xzf libiconv-${GNU_LIBICONV_VERSION}.tar.gz && cd libiconv-${GNU_LIBICONV_VERSION} \
&& ./configure --prefix=/usr/local \
&& wget -q https://raw.githubusercontent.com/mxe/mxe/7e231efd245996b886b501dad780761205ecf376/src/libiconv-1-fixes.patch \
&& patch -p1 -u < libiconv-1-fixes.patch \
&& make && make install && libtool --finish /usr/local/lib && cd /tmp \
&& wget -q http://is1.php.net/get/php-7.0.11.tar.gz/from/this/mirror -O php7.tar.gz \
&& tar xzf php7.tar.gz && cd /tmp/php-7.0.11/ext/iconv && phpize7 \
&& ./configure --with-iconv=/usr/local --with-php-config=/usr/bin/php-config7 \
&& make && cp modules/iconv.so /usr/lib/php7/modules && cd /tmp \
&& echo "extension=iconv.so" > /etc/php7/conf.d/00_iconv.ini \
&& NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL} \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.sha256 \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.asc \
&& wget -q https://nextcloud.com/nextcloud.asc \
&& echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \
&& CHECKSUM_STATE=$(echo -n $(sha256sum -c ${NEXTCLOUD_TARBALL}.sha256) | tail -c 2) \
&& if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \
&& gpg --import nextcloud.asc \
&& FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
&& if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
&& echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \
&& tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \
&& apk del ${BUILD_DEPS} php7-pear php7-dev \
&& rm -rf /var/cache/apk/* /tmp/* /root/.gnupg
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php7/php-fpm.conf
COPY opcache.ini /etc/php7/conf.d/00_opcache.ini
COPY apcu.ini /etc/php7/conf.d/apcu.ini
COPY run.sh /usr/local/bin/run.sh
COPY setup.sh /usr/local/bin/setup.sh
COPY occ /usr/local/bin/occ
COPY s6.d /etc/s6.d
RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
VOLUME /data /config /apps2
EXPOSE 8888
LABEL description="A server software for creating file hosting services" \
nextcloud="Nextcloud v${NEXTCLOUD_VERSION}"
CMD ["run.sh"]

4
nextcloud/10.0-armhf/apcu.ini Normal file
View File

@ -0,0 +1,4 @@
extension=apcu.so
apc.enabled=1
apc.shm_size=<APC_SHM_SIZE>
apc.ttl=7200

113
nextcloud/10.0-armhf/nginx.conf Normal file
View File

@ -0,0 +1,113 @@
worker_processes auto;
pid /tmp/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /tmp/ngx_error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
fastcgi_temp_path /tmp/fastcgi 1 2;
client_body_temp_path /tmp/client_body 1 2;
proxy_temp_path /tmp/proxy 1 2;
uwsgi_temp_path /tmp/uwsgi 1 2;
scgi_temp_path /tmp/scgi 1 2;
gzip off;
server {
listen 8888;
root /nextcloud;
client_max_body_size <UPLOAD_MAX_SIZE>;
fastcgi_buffers 64 4K;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 1200;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}
}

2
nextcloud/10.0-armhf/occ Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
su-exec $UID:$GID php7 /nextcloud/occ $@

8
nextcloud/10.0-armhf/opcache.ini Normal file
View File

@ -0,0 +1,8 @@
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.fast_shutdown=1
opcache.memory_consumption=<OPCACHE_MEM_SIZE>
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=5413
opcache.revalidate_freq=60

18
nextcloud/10.0-armhf/php-fpm.conf Normal file
View File

@ -0,0 +1,18 @@
[global]
daemonize = no
[www]
listen = /tmp/php-fpm.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 6
chdir = /
request_terminate_timeout = 0
env[PATH] = /usr/local/bin:/usr/bin:/bin
php_admin_value[post_max_size] = <UPLOAD_MAX_SIZE>
php_admin_value[upload_max_filesize] = <UPLOAD_MAX_SIZE>
php_admin_value[max_execution_time] = 10800
php_admin_value[max_input_time] = 3600
php_admin_value[expose_php] = Off

30
nextcloud/10.0-armhf/run.sh Normal file
View File

@ -0,0 +1,30 @@
#!/bin/sh
sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/php7/php-fpm.conf \
-e "s/<APC_SHM_SIZE>/$APC_SHM_SIZE/g" /etc/php7/conf.d/apcu.ini \
-e "s/<OPCACHE_MEM_SIZE>/$OPCACHE_MEM_SIZE/g" /etc/php7/conf.d/00_opcache.ini \
-e "s/<CRON_PERIOD>/$CRON_PERIOD/g" /etc/s6.d/cron/run
# Put the configuration and apps into volumes
ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null
ln -sf /apps2 /nextcloud &>/dev/null
chown -R $UID:$GID /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d
if [ ! -f /config/config.php ]; then
# New installation, run the setup
/usr/local/bin/setup.sh
else
occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
occ maintenance:mode --off
echo "...which seemed to work."
fi
fi
chown -R $UID:$GID /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d
exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d

3
nextcloud/10.0-armhf/s6.d/.s6-svscan/finish Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
exit 0

6
nextcloud/10.0-armhf/s6.d/cron/run Normal file
View File

@ -0,0 +1,6 @@
#!/bin/sh
while true; do
php7 -f /nextcloud/cron.php
sleep <CRON_PERIOD>
done

2
nextcloud/10.0-armhf/s6.d/nginx/run Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec nginx

2
nextcloud/10.0-armhf/s6.d/php/run Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec php-fpm7

105
nextcloud/10.0-armhf/setup.sh Executable file
View File

@ -0,0 +1,105 @@
#!/bin/sh
# Nextcloud
##########################
#source setup/functions.sh # load our functions
#source /etc/mailinabox.conf # load global vars
CONFIGFILE=/config/config.php
# Create an initial configuration file.
instanceid=oc$(echo $PRIMARY_HOSTNAME | sha1sum | fold -w 10 | head -n 1)
cat > $CONFIGFILE <<EOF;
<?php
\$CONFIG = array (
'datadirectory' => '/data',
"apps_paths" => array (
0 => array (
"path" => "/nextcloud/apps",
"url" => "/apps",
"writable" => false,
),
1 => array (
"path" => "/apps2",
"url" => "/apps2",
"writable" => true,
),
),
'memcache.local' => '\OC\Memcache\APCu',
'instanceid' => '$instanceid',
);
?>
EOF
# Create an auto-configuration file to fill in database settings
# when the install script is run. Make an administrator account
# here or else the install can't finish.
adminpassword=$(dd if=/dev/urandom bs=1 count=40 2>/dev/null | sha1sum | fold -w 30 | head -n 1)
cat > /nextcloud/config/autoconfig.php <<EOF;
<?php
\$AUTOCONFIG = array (
# storage/database
'directory' => '/data',
'dbtype' => '${DB_TYPE:-sqlite3}',
'dbname' => '${DB_NAME:-nextcloud}',
'dbuser' => '${DB_USER:-nextcloud}',
'dbpass' => '${DB_PASSWORD:-password}',
'dbhost' => '${DB_HOST:-nextcloud-db}',
'dbtableprefix' => 'oc_',
EOF
if [[ ! -z "$ADMIN_USER" ]]; then
cat >> /nextcloud/config/autoconfig.php <<EOF;
# create an administrator account with a random password so that
# the user does not have to enter anything on first load of ownCloud
'adminlogin' => '${ADMIN_USER}',
'adminpass' => '${ADMIN_PASSWORD}',
EOF
fi
cat >> /nextcloud/config/autoconfig.php <<EOF;
);
?>
EOF
echo "Starting automatic configuration..."
# Execute ownCloud's setup step, which creates the ownCloud database.
# It also wipes it if it exists. And it updates config.php with database
# settings and deletes the autoconfig.php file.
(cd /nextcloud; php7 index.php)
echo "Automatic configuration finished."
# Update config.php.
# * trusted_domains is reset to localhost by autoconfig starting with ownCloud 8.1.1,
# so set it here. It also can change if the box's PRIMARY_HOSTNAME changes, so
# this will make sure it has the right value.
# * Some settings weren't included in previous versions of Mail-in-a-Box.
# * We need to set the timezone to the system timezone to allow fail2ban to ban
# users within the proper timeframe
# * We need to set the logdateformat to something that will work correctly with fail2ban
# Use PHP to read the settings file, modify it, and write out the new settings array.
CONFIG_TEMP=$(/bin/mktemp)
php7 <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE
<?php
include("/config/config.php");
//\$CONFIG['memcache.local'] = '\\OC\\Memcache\\Memcached';
\$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches our master administrator address
\$CONFIG['logtimezone'] = '$TZ';
\$CONFIG['logdateformat'] = 'Y-m-d H:i:s';
echo "<?php\n\\\$CONFIG = ";
var_export(\$CONFIG);
echo ";";
?>
EOF
chown -R $UID:$GID /config
# Enable/disable apps. Note that this must be done after the ownCloud setup.
# The firstrunwizard gave Josh all sorts of problems, so disabling that.
# user_external is what allows ownCloud to use IMAP for login. The contacts
# and calendar apps are the extensions we really care about here.
occ app:disable firstrunwizard

18
nextcloud/README.md
View File

@ -4,9 +4,13 @@
![](https://s32.postimg.org/69nev7aol/Nextcloud_logo.png)
:warning: [It has been reported](https://github.com/Wonderfall/dockerfiles/issues/37) that his image might not work well with old versions of aufs. Please update aufs to 4.x or later, or use overlay/btrfs as a replacement.
:warning: HTTP port has recently changed, it's now **8888**. You will have to modify your reverse proxy settings.
### Notes
- [It has been reported](https://github.com/Wonderfall/dockerfiles/issues/37) that his image might not work well with old versions of aufs. Please update aufs to 4.x or later, or use overlay/btrfs as a replacement.
- HTTP port has recently changed, it's now **8888**. You will have to modify your reverse proxy settings.
- An ARM version is provided, but the setup may differ :
- `mariadb` docker image is not compatible with ARM. You can stick with sqlite3 or find an alternative (unofficial image, mariadb on the host).
- `wonderfall/boring-nginx` is not compatible too. Find another image or use nginx or any other solution on the host.
- At the moment only `armhf` is supported (Raspberry Pi 1/2, Scaleway C1), I need testers for `arm64` (Raspberry Pi 3, Pine64...).
### Features
- Based on Alpine Linux.
@ -21,13 +25,21 @@
- GNU Libiconv for php iconv extension (avoiding errors with some apps).
- No root processes. Never.
- Environment variables provided (see below).
- x86_64 and armhf are supported.
### Tags
#### x86_64
- **latest** : latest stable version.
- **10.0** : latest 10.0.x version (stable)
- **9.0** : latest 9.0.x version. (old stable) (unmaintained by this project)
- **daily** : latest code (daily build).
#### armhf
- **latest-armhf** : latest stable version.
- **10.0-armhf** : latest 10.0.x version (stable)
- **9.0-armhf** : latest 9.0.x version. (old stable) (unmaintained by this project)
- **daily-armhf** : latest code (daily build).
Other tags than `daily` are built weekly. For security reasons, you should occasionally update the container, even if you have the latest version of Nextcloud.
### Build-time variables

99
nextcloud/daily-armhf/Dockerfile Normal file
View File

@ -0,0 +1,99 @@
FROM orax/alpine-armhf:edge
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG GNU_LIBICONV_VERSION=1.14
ENV UID=991 GID=991 \
UPLOAD_MAX_SIZE=10G \
APC_SHM_SIZE=64M \
OPCACHE_MEM_SIZE=64 \
CRON_PERIOD=15m \
TZ=Etc/UTC \
DB_TYPE=sqlite3 \
ADMIN_USER=admin \
ADMIN_PASSWORD=admin
RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& BUILD_DEPS=" \
tar \
build-base \
autoconf \
automake \
libtool" \
&& apk -U add \
${BUILD_DEPS} \
nginx \
s6 \
libressl \
ca-certificates \
libsmbclient \
samba-client \
su-exec \
tzdata \
php7@commuedge \
php7-fpm@commuedge \
php7-intl@commuedge \
php7-mbstring@commuedge \
php7-curl@commuedge \
php7-gd@commuedge \
php7-mcrypt@commuedge \
php7-opcache@commuedge \
php7-json@commuedge \
php7-session@commuedge \
php7-pdo@commuedge \
php7-dom@commuedge \
php7-ctype@commuedge \
php7-pdo_mysql@commuedge \
php7-pdo_pgsql@commuedge \
php7-pgsql@commuedge \
php7-pdo_sqlite@commuedge \
php7-sqlite3@commuedge \
php7-zlib@commuedge \
php7-zip@commuedge \
php7-xmlreader@commuedge \
php7-posix@commuedge \
php7-openssl@commuedge \
php7-ldap@commuedge \
php7-ftp@commuedge \
php7-pcntl@commuedge \
php7-apcu@testing \
php7-redis@testing \
php7-pear@commuedge \
php7-dev@commuedge \
&& mkdir /nextcloud && cd /tmp \
&& wget -q http://ftp.gnu.org/pub/gnu/libiconv/libiconv-${GNU_LIBICONV_VERSION}.tar.gz \
&& tar xzf libiconv-${GNU_LIBICONV_VERSION}.tar.gz && cd libiconv-${GNU_LIBICONV_VERSION} \
&& ./configure --prefix=/usr/local \
&& wget -q https://raw.githubusercontent.com/mxe/mxe/7e231efd245996b886b501dad780761205ecf376/src/libiconv-1-fixes.patch \
&& patch -p1 -u < libiconv-1-fixes.patch \
&& make && make install && libtool --finish /usr/local/lib && cd /tmp \
&& wget -q http://is1.php.net/get/php-7.0.11.tar.gz/from/this/mirror -O php7.tar.gz \
&& tar xzf php7.tar.gz && cd /tmp/php-7.0.11/ext/iconv && phpize7 \
&& ./configure --with-iconv=/usr/local --with-php-config=/usr/bin/php-config7 \
&& make && cp modules/iconv.so /usr/lib/php7/modules && cd /tmp \
&& echo "extension=iconv.so" > /etc/php7/conf.d/00_iconv.ini \
&& wget -q https://download.nextcloud.com/server/daily/latest.tar.bz2 \
&& tar xjf latest.tar.bz2 --strip 1 -C /nextcloud \
&& apk del ${BUILD_DEPS} php7-pear php7-dev \
&& rm -rf /var/cache/apk/* /tmp/*
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php7/php-fpm.conf
COPY opcache.ini /etc/php7/conf.d/00_opcache.ini
COPY apcu.ini /etc/php7/conf.d/apcu.ini
COPY run.sh /usr/local/bin/run.sh
COPY setup.sh /usr/local/bin/setup.sh
COPY occ /usr/local/bin/occ
COPY s6.d /etc/s6.d
RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
VOLUME /data /config /apps2
EXPOSE 8888
LABEL description="A server software for creating file hosting services" \
nextcloud="Nextcloud daily build"
CMD ["run.sh"]

4
nextcloud/daily-armhf/apcu.ini Normal file
View File

@ -0,0 +1,4 @@
extension=apcu.so
apc.enabled=1
apc.shm_size=<APC_SHM_SIZE>
apc.ttl=7200

113
nextcloud/daily-armhf/nginx.conf Normal file
View File

@ -0,0 +1,113 @@
worker_processes auto;
pid /tmp/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /tmp/ngx_error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
fastcgi_temp_path /tmp/fastcgi 1 2;
client_body_temp_path /tmp/client_body 1 2;
proxy_temp_path /tmp/proxy 1 2;
uwsgi_temp_path /tmp/uwsgi 1 2;
scgi_temp_path /tmp/scgi 1 2;
gzip off;
server {
listen 8888;
root /nextcloud;
client_max_body_size <UPLOAD_MAX_SIZE>;
fastcgi_buffers 64 4K;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 1200;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}
}

2
nextcloud/daily-armhf/occ Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
su-exec $UID:$GID php7 /nextcloud/occ $@

8
nextcloud/daily-armhf/opcache.ini Normal file
View File

@ -0,0 +1,8 @@
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.fast_shutdown=1
opcache.memory_consumption=<OPCACHE_MEM_SIZE>
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=5413
opcache.revalidate_freq=60

18
nextcloud/daily-armhf/php-fpm.conf Normal file
View File

@ -0,0 +1,18 @@
[global]
daemonize = no
[www]
listen = /tmp/php-fpm.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 6
chdir = /
request_terminate_timeout = 0
env[PATH] = /usr/local/bin:/usr/bin:/bin
php_admin_value[post_max_size] = <UPLOAD_MAX_SIZE>
php_admin_value[upload_max_filesize] = <UPLOAD_MAX_SIZE>
php_admin_value[max_execution_time] = 10800
php_admin_value[max_input_time] = 3600
php_admin_value[expose_php] = Off

30
nextcloud/daily-armhf/run.sh Normal file
View File

@ -0,0 +1,30 @@
#!/bin/sh
sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/php7/php-fpm.conf \
-e "s/<APC_SHM_SIZE>/$APC_SHM_SIZE/g" /etc/php7/conf.d/apcu.ini \
-e "s/<OPCACHE_MEM_SIZE>/$OPCACHE_MEM_SIZE/g" /etc/php7/conf.d/00_opcache.ini \
-e "s/<CRON_PERIOD>/$CRON_PERIOD/g" /etc/s6.d/cron/run
# Put the configuration and apps into volumes
ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null
ln -sf /apps2 /nextcloud &>/dev/null
chown -R $UID:$GID /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d
if [ ! -f /config/config.php ]; then
# New installation, run the setup
/usr/local/bin/setup.sh
else
occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
occ maintenance:mode --off
echo "...which seemed to work."
fi
fi
chown -R $UID:$GID /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d
exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d

3
nextcloud/daily-armhf/s6.d/.s6-svscan/finish Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
exit 0

6
nextcloud/daily-armhf/s6.d/cron/run Normal file
View File

@ -0,0 +1,6 @@
#!/bin/sh
while true; do
php7 -f /nextcloud/cron.php
sleep <CRON_PERIOD>
done

2
nextcloud/daily-armhf/s6.d/nginx/run Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec nginx

2
nextcloud/daily-armhf/s6.d/php/run Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec php-fpm7

108
nextcloud/daily-armhf/setup.sh Executable file
View File

@ -0,0 +1,108 @@
#!/bin/sh
# Nextcloud
##########################
#source setup/functions.sh # load our functions
#source /etc/mailinabox.conf # load global vars
CONFIGFILE=/config/config.php
# Create an initial configuration file.
instanceid=oc$(echo $PRIMARY_HOSTNAME | sha1sum | fold -w 10 | head -n 1)
cat > $CONFIGFILE <<EOF;
<?php
\$CONFIG = array (
'datadirectory' => '/data',
"apps_paths" => array (
0 => array (
"path" => "/nextcloud/apps",
"url" => "/apps",
"writable" => false,
),
1 => array (
"path" => "/apps2",
"url" => "/apps2",
"writable" => true,
),
),
'memcache.local' => '\OC\Memcache\APCu',
'instanceid' => '$instanceid',
);
?>
EOF
# Create an auto-configuration file to fill in database settings
# when the install script is run. Make an administrator account
# here or else the install can't finish.
adminpassword=$(dd if=/dev/urandom bs=1 count=40 2>/dev/null | sha1sum | fold -w 30 | head -n 1)
cat > /nextcloud/config/autoconfig.php <<EOF;
<?php
\$AUTOCONFIG = array (
# storage/database
'directory' => '/data',
'dbtype' => '${DB_TYPE:-sqlite3}',
'dbname' => '${DB_NAME:-nextcloud}',
'dbuser' => '${DB_USER:-nextcloud}',
'dbpass' => '${DB_PASSWORD:-password}',
'dbhost' => '${DB_HOST:-nextcloud-db}',
'dbtableprefix' => 'oc_',
EOF
if [[ ! -z "$ADMIN_USER" ]]; then
cat >> /nextcloud/config/autoconfig.php <<EOF;
# create an administrator account with a random password so that
# the user does not have to enter anything on first load of ownCloud
'adminlogin' => '${ADMIN_USER}',
'adminpass' => '${ADMIN_PASSWORD}',
EOF
fi
cat >> /nextcloud/config/autoconfig.php <<EOF;
);
?>
EOF
echo "Starting automatic configuration..."
# Execute ownCloud's setup step, which creates the ownCloud database.
# It also wipes it if it exists. And it updates config.php with database
# settings and deletes the autoconfig.php file.
(cd /nextcloud; php7 index.php)
echo "Automatic configuration finished."
# Update config.php.
# * trusted_domains is reset to localhost by autoconfig starting with ownCloud 8.1.1,
# so set it here. It also can change if the box's PRIMARY_HOSTNAME changes, so
# this will make sure it has the right value.
# * Some settings weren't included in previous versions of Mail-in-a-Box.
# * We need to set the timezone to the system timezone to allow fail2ban to ban
# users within the proper timeframe
# * We need to set the logdateformat to something that will work correctly with fail2ban
# Use PHP to read the settings file, modify it, and write out the new settings array.
CONFIG_TEMP=$(/bin/mktemp)
php7 <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE
<?php
include("/config/config.php");
\$CONFIG['trusted_domains'] = array('$VIRTUAL_HOST');
//\$CONFIG['memcache.local'] = '\\OC\\Memcache\\Memcached';
//\$CONFIG['overwrite.cli.url'] = '/cloud';
\$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches our master administrator address
\$CONFIG['logtimezone'] = '$TZ';
\$CONFIG['logdateformat'] = 'Y-m-d H:i:s';
echo "<?php\n\\\$CONFIG = ";
var_export(\$CONFIG);
echo ";";
?>
EOF
chown -R $UID:$GID /config
# Enable/disable apps. Note that this must be done after the ownCloud setup.
# The firstrunwizard gave Josh all sorts of problems, so disabling that.
# user_external is what allows ownCloud to use IMAP for login. The contacts
# and calendar apps are the extensions we really care about here.
occ app:disable firstrunwizard