From d2d24ee11cc02f1abfeb1d0ccb1f2bc2f4d4b9a7 Mon Sep 17 00:00:00 2001 
From: Wonderfall Date: Fri, 25 Nov 2016 18:19:08 +0000 Subject: [PATCH] nexcloud: add 11.0 beta --- nextcloud/11.0-armhf/Dockerfile | 122 ++++++++++++++++++++ nextcloud/11.0-armhf/apcu.ini | 4 + nextcloud/11.0-armhf/nginx.conf | 113 ++++++++++++++++++ nextcloud/11.0-armhf/occ | 2 + nextcloud/11.0-armhf/opcache.ini | 8 ++ nextcloud/11.0-armhf/php-fpm.conf | 18 +++ nextcloud/11.0-armhf/redis.conf | 14 +++ nextcloud/11.0-armhf/run.sh | 33 ++++++ nextcloud/11.0-armhf/s6.d/.s6-svscan/finish | 3 + nextcloud/11.0-armhf/s6.d/cron/run | 6 + nextcloud/11.0-armhf/s6.d/nginx/run | 2 + nextcloud/11.0-armhf/s6.d/php/run | 2 + nextcloud/11.0-armhf/s6.d/redis/run | 2 + nextcloud/11.0-armhf/setup.sh | 112 ++++++++++++++++++ nextcloud/11.0/Dockerfile | 122 ++++++++++++++++++++ nextcloud/11.0/apcu.ini | 4 + nextcloud/11.0/nginx.conf | 113 ++++++++++++++++++ nextcloud/11.0/occ | 2 + nextcloud/11.0/opcache.ini | 8 ++ nextcloud/11.0/php-fpm.conf | 18 +++ nextcloud/11.0/redis.conf | 14 +++ nextcloud/11.0/run.sh | 33 ++++++ nextcloud/11.0/s6.d/.s6-svscan/finish | 3 + nextcloud/11.0/s6.d/cron/run | 6 + nextcloud/11.0/s6.d/nginx/run | 2 + nextcloud/11.0/s6.d/php/run | 2 + nextcloud/11.0/s6.d/redis/run | 2 + nextcloud/11.0/setup.sh | 112 ++++++++++++++++++ nextcloud/README.md | 1 + 29 files changed, 883 insertions(+) create mode 100644 nextcloud/11.0-armhf/Dockerfile create mode 100644 nextcloud/11.0-armhf/apcu.ini create mode 100644 nextcloud/11.0-armhf/nginx.conf create mode 100644 nextcloud/11.0-armhf/occ create mode 100644 nextcloud/11.0-armhf/opcache.ini create mode 100644 nextcloud/11.0-armhf/php-fpm.conf create mode 100644 nextcloud/11.0-armhf/redis.conf create mode 100644 nextcloud/11.0-armhf/run.sh create mode 100644 nextcloud/11.0-armhf/s6.d/.s6-svscan/finish create mode 100644 nextcloud/11.0-armhf/s6.d/cron/run create mode 100644 nextcloud/11.0-armhf/s6.d/nginx/run create mode 100644 nextcloud/11.0-armhf/s6.d/php/run create mode 100644 nextcloud/11.0-armhf/s6.d/redis/run create 
mode 100755 nextcloud/11.0-armhf/setup.sh create mode 100644 nextcloud/11.0/Dockerfile create mode 100644 nextcloud/11.0/apcu.ini create mode 100644 nextcloud/11.0/nginx.conf create mode 100644 nextcloud/11.0/occ create mode 100644 nextcloud/11.0/opcache.ini create mode 100644 nextcloud/11.0/php-fpm.conf create mode 100644 nextcloud/11.0/redis.conf create mode 100644 nextcloud/11.0/run.sh create mode 100644 nextcloud/11.0/s6.d/.s6-svscan/finish create mode 100644 nextcloud/11.0/s6.d/cron/run create mode 100644 nextcloud/11.0/s6.d/nginx/run create mode 100644 nextcloud/11.0/s6.d/php/run create mode 100644 nextcloud/11.0/s6.d/redis/run create mode 100755 nextcloud/11.0/setup.sh diff --git a/nextcloud/11.0-armhf/Dockerfile b/nextcloud/11.0-armhf/Dockerfile new file mode 100644 index 0000000..410878f --- /dev/null +++ b/nextcloud/11.0-armhf/Dockerfile 
@@ -0,0 +1,122 @@ +FROM orax/alpine-armhf:edge +MAINTAINER Wonderfall + +ARG NEXTCLOUD_VERSION=11.0.0beta +ARG GNU_LIBICONV_VERSION=1.14 +ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" + +ENV UID=991 GID=991 \ + UPLOAD_MAX_SIZE=10G \ + APC_SHM_SIZE=128M \ + OPCACHE_MEM_SIZE=128 \ + REDIS_MAX_MEMORY=64mb \ + CRON_PERIOD=15m \ + TZ=Etc/UTC \ + DB_TYPE=sqlite3 \ + ADMIN_USER=admin \ + ADMIN_PASSWORD=admin + +RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ + && echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ + && BUILD_DEPS=" \ + gnupg \ + tar \ + build-base \ + autoconf \ + automake \ + libtool \ + samba-dev" \ + && apk -U add \ + ${BUILD_DEPS} \ + nginx \ + s6 \ + libressl \ + ca-certificates \ + libsmbclient \ + samba-client \ + su-exec \ + tzdata \ + redis \ + php7@commuedge \ + php7-fpm@commuedge \ + php7-intl@commuedge \ + php7-mbstring@commuedge \ + php7-curl@commuedge \ + php7-gd@commuedge \ + php7-mcrypt@commuedge \ + php7-opcache@commuedge \ + php7-json@commuedge \ + php7-session@commuedge \ + php7-pdo@commuedge \ + php7-dom@commuedge \ + php7-ctype@commuedge \ + php7-pdo_mysql@commuedge \ + php7-pdo_pgsql@commuedge \ + php7-pgsql@commuedge \ + php7-pdo_sqlite@commuedge \ + php7-sqlite3@commuedge \ + php7-zlib@commuedge \ + php7-zip@commuedge \ + php7-xmlreader@commuedge \ + php7-posix@commuedge \ + php7-openssl@commuedge \ + php7-ldap@commuedge \ + php7-ftp@commuedge \ + php7-pcntl@commuedge \ + php7-exif@commuedge \ + php7-apcu@testing \ + php7-redis@testing \ + php7-pear@commuedge \ + php7-dev@commuedge \ + && sed -i "$ s|\-n||g" /usr/bin/pecl && pecl install smbclient \ + && cd /tmp && wget -q http://ftp.gnu.org/pub/gnu/libiconv/libiconv-${GNU_LIBICONV_VERSION}.tar.gz \ + && tar xzf libiconv-${GNU_LIBICONV_VERSION}.tar.gz && cd libiconv-${GNU_LIBICONV_VERSION} \ + && ./configure --prefix=/usr/local \ + && wget -q 
https://raw.githubusercontent.com/mxe/mxe/7e231efd245996b886b501dad780761205ecf376/src/libiconv-1-fixes.patch \ + && patch -p1 -u < libiconv-1-fixes.patch \ + && make && make install && libtool --finish /usr/local/lib && cd /tmp \ + && wget -q http://is1.php.net/get/php-7.0.13.tar.gz/from/this/mirror -O php7.tar.gz \ + && tar xzf php7.tar.gz && cd /tmp/php-7.0.13/ext/iconv && phpize7 \ + && ./configure --with-iconv=/usr/local --with-php-config=/usr/bin/php-config7 \ + && make && cp modules/iconv.so /usr/lib/php7/modules && cd /tmp \ + && echo "extension=iconv.so" > /etc/php7/conf.d/00_iconv.ini \ + && echo "extension=smbclient.so" > /etc/php7/conf.d/00_smbclient.ini \ + && mkdir /nextcloud \ + && NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ + && wget -q https://download.nextcloud.com/server/prereleases/${NEXTCLOUD_TARBALL} \ + && wget -q https://download.nextcloud.com/server/prereleases/${NEXTCLOUD_TARBALL}.sha256 \ + && wget -q https://download.nextcloud.com/server/prereleases/${NEXTCLOUD_TARBALL}.asc \ + && wget -q https://nextcloud.com/nextcloud.asc \ + && echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \ + && CHECKSUM_STATE=$(echo -n $(sha256sum -c ${NEXTCLOUD_TARBALL}.sha256) | tail -c 2) \ + && if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \ + && gpg --import nextcloud.asc \ + && FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \ + | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ + && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ + && if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ + && echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." 
\ + && tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \ + && apk del ${BUILD_DEPS} php7-pear php7-dev \ + && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg + +COPY nginx.conf /etc/nginx/nginx.conf +COPY php-fpm.conf /etc/php7/php-fpm.conf +COPY opcache.ini /etc/php7/conf.d/00_opcache.ini +COPY apcu.ini /etc/php7/conf.d/apcu.ini +COPY redis.conf /etc/redis.conf +COPY run.sh /usr/local/bin/run.sh +COPY setup.sh /usr/local/bin/setup.sh +COPY occ /usr/local/bin/occ +COPY s6.d /etc/s6.d + +RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* + +VOLUME /data /config /apps2 /var/lib/redis + +EXPOSE 8888 + +LABEL description="A server software for creating file hosting services" \ + nextcloud="Nextcloud v${NEXTCLOUD_VERSION}" + +CMD ["run.sh"] diff --git a/nextcloud/11.0-armhf/apcu.ini b/nextcloud/11.0-armhf/apcu.ini new file mode 100644 index 0000000..1bf9b49 --- /dev/null +++ b/nextcloud/11.0-armhf/apcu.ini @@ -0,0 +1,4 @@ +extension=apcu.so +apc.enabled=1 +apc.shm_size= +apc.ttl=7200 diff --git a/nextcloud/11.0-armhf/nginx.conf b/nextcloud/11.0-armhf/nginx.conf new file mode 100644 index 0000000..0633855 --- /dev/null +++ b/nextcloud/11.0-armhf/nginx.conf 
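Review bot: The libiconv and PHP source tarballs in the `RUN` step are fetched over plain `http://` (`ftp.gnu.org`, `is1.php.net`) and compiled into the image with no checksum or signature check, whereas the Nextcloud tarball a few lines later gets both a SHA-256 check and a pinned-fingerprint GPG check. A download tampered with in transit would end up in the `iconv.so` that `00_iconv.ini` enables for PHP. Pin a digest per tarball in an `ARG` and verify it before `tar xzf`, for example `&& echo "${LIBICONV_SHA256}  libiconv-${GNU_LIBICONV_VERSION}.tar.gz" | sha256sum -c - \`, where `LIBICONV_SHA256` is a new build argument holding the published digest, and do the same for `php7.tar.gz`. The pipeline that extracts `FINGERPRINT` also discards the exit status of `gpg --verify`, so the check rests entirely on the parsed output text. The `nextcloud/11.0/Dockerfile` hunk is identical and needs the same change.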
@@ -0,0 +1,113 @@ +worker_processes auto; +pid /tmp/nginx.pid; +daemon off; + +events { + worker_connections 1024; + use epoll; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log off; + error_log /tmp/ngx_error.log error; + + sendfile on; + keepalive_timeout 15; + keepalive_disable msie6; + keepalive_requests 100; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + + fastcgi_temp_path /tmp/fastcgi 1 2; + client_body_temp_path /tmp/client_body 1 2; + proxy_temp_path /tmp/proxy 1 2; + uwsgi_temp_path /tmp/uwsgi 1 2; + scgi_temp_path /tmp/scgi 1 2; + + gzip off; + + server { + listen 8888; + root /nextcloud; + + client_max_body_size ; + fastcgi_buffers 64 4K; + + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + location / { + rewrite ^ /index.php$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param modHeadersAvailable true; 
+ fastcgi_param front_controller_active true; + fastcgi_pass unix:/tmp/php-fpm.sock; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + fastcgi_read_timeout 1200; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + location ~* \.(?:css|js)$ { + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=7200"; + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + access_log off; + } + + location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { + try_files $uri /index.php$uri$is_args$args; + access_log off; + } + } +} diff --git a/nextcloud/11.0-armhf/occ b/nextcloud/11.0-armhf/occ new file mode 100644 index 0000000..a766ef6 --- /dev/null +++ b/nextcloud/11.0-armhf/occ @@ -0,0 +1,2 @@ +#!/bin/sh +su-exec $UID:$GID php7 /nextcloud/occ $@ diff --git a/nextcloud/11.0-armhf/opcache.ini b/nextcloud/11.0-armhf/opcache.ini new file mode 100644 index 0000000..705e399 --- /dev/null +++ b/nextcloud/11.0-armhf/opcache.ini @@ -0,0 +1,8 @@ +zend_extension=opcache.so +opcache.enable=1 +opcache.enable_cli=1 +opcache.fast_shutdown=1 +opcache.memory_consumption= +opcache.interned_strings_buffer=16 +opcache.max_accelerated_files=5413 +opcache.revalidate_freq=60 diff --git a/nextcloud/11.0-armhf/php-fpm.conf b/nextcloud/11.0-armhf/php-fpm.conf new file mode 100644 index 0000000..2bb8380 --- /dev/null +++ b/nextcloud/11.0-armhf/php-fpm.conf 
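Review bot: The two `.well-known` redirects build their target from `$scheme://$host`, but this server listens only on plain HTTP port 8888 while sending an HSTS header, which suggests TLS is terminated by a proxy in front. In that setup `$scheme` is `http`, so CalDAV/CardDAV clients are redirected to a cleartext URL. Using `return 301 https://$host/remote.php/dav;`, or taking the scheme from the proxy's forwarded-proto header, avoids the downgrade. Separately, `access_log off;` at the `http` level leaves no request trail for the login and WebDAV endpoints, so consider enabling it to a location the service user can write. The `nextcloud/11.0/nginx.conf` hunk is identical.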
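Review bot: `$@` is unquoted in the occ wrapper, so any argument containing spaces or glob characters (a display name or a path, for example) is re-split by the shell before it reaches PHP. `$UID:$GID` is unquoted as well. Use `exec su-exec "$UID:$GID" php7 /nextcloud/occ "$@"`; the `exec` also avoids leaving an extra shell process around each occ call. The same change applies to `nextcloud/11.0/occ`.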
@@ -0,0 +1,18 @@ +[global] +daemonize = no + +[www] +listen = /tmp/php-fpm.sock +pm = dynamic +pm.max_children = 15 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 6 +chdir = / +request_terminate_timeout = 0 +env[PATH] = /usr/local/bin:/usr/bin:/bin +php_admin_value[post_max_size] = +php_admin_value[upload_max_filesize] = +php_admin_value[max_execution_time] = 10800 +php_admin_value[max_input_time] = 3600 +php_admin_value[expose_php] = Off diff --git a/nextcloud/11.0-armhf/redis.conf b/nextcloud/11.0-armhf/redis.conf new file mode 100644 index 0000000..c26fc6b --- /dev/null +++ b/nextcloud/11.0-armhf/redis.conf @@ -0,0 +1,14 @@ +bind 127.0.0.1 +protected-mode yes +port 0 +unixsocket /tmp/redis.sock +unixsocketperm 700 +daemonize no +pidfile /tmp/redis.pid +logfile /tmp/redis.log +save 900 1 +save 300 10 +save 60 10000 +dbfilename dump.rdb +dir /var/lib/redis/ +maxmemory diff --git a/nextcloud/11.0-armhf/run.sh b/nextcloud/11.0-armhf/run.sh new file mode 100644 index 0000000..48aa6da --- /dev/null +++ b/nextcloud/11.0-armhf/run.sh 
@@ -0,0 +1,33 @@ +#!/bin/sh + +sed -i -e "s//$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/php7/php-fpm.conf \ + -e "s//$APC_SHM_SIZE/g" /etc/php7/conf.d/apcu.ini \ + -e "s//$OPCACHE_MEM_SIZE/g" /etc/php7/conf.d/00_opcache.ini \ + -e "s//$REDIS_MAX_MEMORY/g" /etc/redis.conf \ + -e "s//$CRON_PERIOD/g" /etc/s6.d/cron/run + +# Put the configuration and apps into volumes +ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null +ln -sf /apps2 /nextcloud &>/dev/null + +for dir in /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /var/lib/redis /tmp /etc/s6.d; do + if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then + chown -R $UID:$GID $dir + fi +done + +if [ ! -f /config/config.php ]; then + # New installation, run the setup + /usr/local/bin/setup.sh +else + occ upgrade + if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then + echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..." + occ upgrade + if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi + occ maintenance:mode --off + echo "...which seemed to work." + fi +fi + +exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d diff --git a/nextcloud/11.0-armhf/s6.d/.s6-svscan/finish b/nextcloud/11.0-armhf/s6.d/.s6-svscan/finish new file mode 100644 index 0000000..c52d3c2 --- /dev/null +++ b/nextcloud/11.0-armhf/s6.d/.s6-svscan/finish @@ -0,0 +1,3 @@ +#!/bin/sh + +exit 0 diff --git a/nextcloud/11.0-armhf/s6.d/cron/run b/nextcloud/11.0-armhf/s6.d/cron/run new file mode 100644 index 0000000..2e6fec5 --- /dev/null +++ b/nextcloud/11.0-armhf/s6.d/cron/run @@ -0,0 +1,6 @@ +#!/bin/sh + +while true; do + php7 -f /nextcloud/cron.php + sleep +done diff --git a/nextcloud/11.0-armhf/s6.d/nginx/run b/nextcloud/11.0-armhf/s6.d/nginx/run new file mode 100644 index 0000000..eaf8049 --- /dev/null +++ b/nextcloud/11.0-armhf/s6.d/nginx/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec nginx 
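Review bot: The ownership test `if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then` works only because a command substitution that expands to nothing leaves its own exit status behind. A plain pipeline says the same thing directly: `if find "$dir" ! -user "$UID" -o ! -group "$GID" | grep -q .; then`. Quoting `$dir`, `$UID` and `$GID` there and in `chown -R` also keeps an empty or malformed `UID`/`GID` from silently changing what gets chowned while the script still runs as root. `&>/dev/null` is a bash-ism under `#!/bin/sh`; `>/dev/null 2>&1` is the portable spelling. The `nextcloud/11.0/run.sh` hunk is identical.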
diff --git a/nextcloud/11.0-armhf/s6.d/php/run b/nextcloud/11.0-armhf/s6.d/php/run
new file mode 100644
index 0000000..e238021
--- /dev/null
+++ b/nextcloud/11.0-armhf/s6.d/php/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec php-fpm7
diff --git a/nextcloud/11.0-armhf/s6.d/redis/run b/nextcloud/11.0-armhf/s6.d/redis/run
new file mode 100644
index 0000000..4881331
--- /dev/null
+++ b/nextcloud/11.0-armhf/s6.d/redis/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec redis-server /etc/redis.conf
diff --git a/nextcloud/11.0-armhf/setup.sh b/nextcloud/11.0-armhf/setup.sh
new file mode 100755
index 0000000..a8ade50
--- /dev/null
+++ b/nextcloud/11.0-armhf/setup.sh
@@ -0,0 +1,112 @@ +#!/bin/sh +# Nextcloud +########################## + +#source setup/functions.sh # load our functions +#source /etc/mailinabox.conf # load global vars +CONFIGFILE=/config/config.php + + +# Create an initial configuration file. +instanceid=oc$(echo $PRIMARY_HOSTNAME | sha1sum | fold -w 10 | head -n 1) +cat > $CONFIGFILE < '/data', + + "apps_paths" => array ( + 0 => array ( + "path" => "/nextcloud/apps", + "url" => "/apps", + "writable" => false, + ), + 1 => array ( + "path" => "/apps2", + "url" => "/apps2", + "writable" => true, + ), + ), + + 'memcache.local' => '\OC\Memcache\APCu', + + 'memcache.locking' => '\OC\Memcache\Redis', + 'redis' => array( + 'host' => '/tmp/redis.sock', + 'port' => 0, + 'timeout' => 0.0, + ), + + 'instanceid' => '$instanceid', +); +?> +EOF + +# Create an auto-configuration file to fill in database settings +# when the install script is run. Make an administrator account +# here or else the install can't finish. +adminpassword=$(dd if=/dev/urandom bs=1 count=40 2>/dev/null | sha1sum | fold -w 30 | head -n 1) +cat > /nextcloud/config/autoconfig.php < '/data', + 'dbtype' => '${DB_TYPE:-sqlite3}', + 'dbname' => '${DB_NAME:-nextcloud}', + 'dbuser' => '${DB_USER:-nextcloud}', + 'dbpass' => '${DB_PASSWORD:-password}', + 'dbhost' => '${DB_HOST:-nextcloud-db}', + 'dbtableprefix' => 'oc_', +EOF +if [[ ! -z "$ADMIN_USER" ]]; then + cat >> /nextcloud/config/autoconfig.php < '${ADMIN_USER}', + 'adminpass' => '${ADMIN_PASSWORD}', +EOF +fi +cat >> /nextcloud/config/autoconfig.php < +EOF + +echo "Starting automatic configuration..." +# Execute ownCloud's setup step, which creates the ownCloud database. +# It also wipes it if it exists. And it updates config.php with database +# settings and deletes the autoconfig.php file. +(cd /nextcloud; php7 index.php) +echo "Automatic configuration finished." + +# Update config.php. +# * trusted_domains is reset to localhost by autoconfig starting with ownCloud 8.1.1, +# so set it here. 
It also can change if the box's PRIMARY_HOSTNAME changes, so +# this will make sure it has the right value. +# * Some settings weren't included in previous versions of Mail-in-a-Box. +# * We need to set the timezone to the system timezone to allow fail2ban to ban +# users within the proper timeframe +# * We need to set the logdateformat to something that will work correctly with fail2ban +# Use PHP to read the settings file, modify it, and write out the new settings array. + +CONFIG_TEMP=$(/bin/mktemp) +php7 < $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE + +EOF + +chown -R $UID:$GID /config /data +# Enable/disable apps. Note that this must be done after the ownCloud setup. +# The firstrunwizard gave Josh all sorts of problems, so disabling that. +# user_external is what allows ownCloud to use IMAP for login. The contacts +# and calendar apps are the extensions we really care about here. +occ app:disable firstrunwizard diff --git a/nextcloud/11.0/Dockerfile b/nextcloud/11.0/Dockerfile new file mode 100644 index 0000000..c6b0445 --- /dev/null +++ b/nextcloud/11.0/Dockerfile 
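Review bot: The first-run setup creates the administrator from `${ADMIN_USER}` / `${ADMIN_PASSWORD}`, and because the Dockerfile `ENV` defaults both to `admin`, a container started without overrides comes up with `admin`/`admin`. The random `adminpassword` generated just above is, as far as the visible lines show, never used. Fall back to the generated value and surface it to the operator once, e.g. `'adminpass' => '${ADMIN_PASSWORD:-$adminpassword}',`; also drop `ADMIN_PASSWORD=admin` from the image `ENV` and replace the fixed fallback in `'${DB_PASSWORD:-password}'`. `PRIMARY_HOSTNAME` does not appear to be set anywhere in this image, so `instanceid` would hash an empty line and come out identical on every install. Parts of the here-documents are missing from this view, so check against the full file; `nextcloud/11.0/setup.sh` carries the same code.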
@@ -0,0 +1,122 @@ +FROM alpine:edge +MAINTAINER Wonderfall + +ARG NEXTCLOUD_VERSION=11.0.0beta +ARG GNU_LIBICONV_VERSION=1.14 +ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" + +ENV UID=991 GID=991 \ + UPLOAD_MAX_SIZE=10G \ + APC_SHM_SIZE=128M \ + OPCACHE_MEM_SIZE=128 \ + REDIS_MAX_MEMORY=64mb \ + CRON_PERIOD=15m \ + TZ=Etc/UTC \ + DB_TYPE=sqlite3 \ + ADMIN_USER=admin \ + ADMIN_PASSWORD=admin + +RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ + && echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ + && BUILD_DEPS=" \ + gnupg \ + tar \ + build-base \ + autoconf \ + automake \ + libtool \ + samba-dev" \ + && apk -U add \ + ${BUILD_DEPS} \ + nginx \ + s6 \ + libressl \ + ca-certificates \ + libsmbclient \ + samba-client \ + su-exec \ + tzdata \ + redis \ + php7@commuedge \ + php7-fpm@commuedge \ + php7-intl@commuedge \ + php7-mbstring@commuedge \ + php7-curl@commuedge \ + php7-gd@commuedge \ + php7-mcrypt@commuedge \ + php7-opcache@commuedge \ + php7-json@commuedge \ + php7-session@commuedge \ + php7-pdo@commuedge \ + php7-dom@commuedge \ + php7-ctype@commuedge \ + php7-pdo_mysql@commuedge \ + php7-pdo_pgsql@commuedge \ + php7-pgsql@commuedge \ + php7-pdo_sqlite@commuedge \ + php7-sqlite3@commuedge \ + php7-zlib@commuedge \ + php7-zip@commuedge \ + php7-xmlreader@commuedge \ + php7-posix@commuedge \ + php7-openssl@commuedge \ + php7-ldap@commuedge \ + php7-ftp@commuedge \ + php7-pcntl@commuedge \ + php7-exif@commuedge \ + php7-apcu@testing \ + php7-redis@testing \ + php7-pear@commuedge \ + php7-dev@commuedge \ + && sed -i "$ s|\-n||g" /usr/bin/pecl && pecl install smbclient \ + && cd /tmp && wget -q http://ftp.gnu.org/pub/gnu/libiconv/libiconv-${GNU_LIBICONV_VERSION}.tar.gz \ + && tar xzf libiconv-${GNU_LIBICONV_VERSION}.tar.gz && cd libiconv-${GNU_LIBICONV_VERSION} \ + && ./configure --prefix=/usr/local \ + && wget -q 
https://raw.githubusercontent.com/mxe/mxe/7e231efd245996b886b501dad780761205ecf376/src/libiconv-1-fixes.patch \ + && patch -p1 -u < libiconv-1-fixes.patch \ + && make && make install && libtool --finish /usr/local/lib && cd /tmp \ + && wget -q http://is1.php.net/get/php-7.0.13.tar.gz/from/this/mirror -O php7.tar.gz \ + && tar xzf php7.tar.gz && cd /tmp/php-7.0.13/ext/iconv && phpize7 \ + && ./configure --with-iconv=/usr/local --with-php-config=/usr/bin/php-config7 \ + && make && cp modules/iconv.so /usr/lib/php7/modules && cd /tmp \ + && echo "extension=iconv.so" > /etc/php7/conf.d/00_iconv.ini \ + && echo "extension=smbclient.so" > /etc/php7/conf.d/00_smbclient.ini \ + && mkdir /nextcloud \ + && NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ + && wget -q https://download.nextcloud.com/server/prereleases/${NEXTCLOUD_TARBALL} \ + && wget -q https://download.nextcloud.com/server/prereleases/${NEXTCLOUD_TARBALL}.sha256 \ + && wget -q https://download.nextcloud.com/server/prereleases/${NEXTCLOUD_TARBALL}.asc \ + && wget -q https://nextcloud.com/nextcloud.asc \ + && echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \ + && CHECKSUM_STATE=$(echo -n $(sha256sum -c ${NEXTCLOUD_TARBALL}.sha256) | tail -c 2) \ + && if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \ + && gpg --import nextcloud.asc \ + && FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \ + | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ + && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ + && if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ + && echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." 
\ + && tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \ + && apk del ${BUILD_DEPS} php7-pear php7-dev \ + && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg + +COPY nginx.conf /etc/nginx/nginx.conf +COPY php-fpm.conf /etc/php7/php-fpm.conf +COPY opcache.ini /etc/php7/conf.d/00_opcache.ini +COPY apcu.ini /etc/php7/conf.d/apcu.ini +COPY redis.conf /etc/redis.conf +COPY run.sh /usr/local/bin/run.sh +COPY setup.sh /usr/local/bin/setup.sh +COPY occ /usr/local/bin/occ +COPY s6.d /etc/s6.d + +RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* + +VOLUME /data /config /apps2 /var/lib/redis + +EXPOSE 8888 + +LABEL description="A server software for creating file hosting services" \ + nextcloud="Nextcloud v${NEXTCLOUD_VERSION}" + +CMD ["run.sh"] diff --git a/nextcloud/11.0/apcu.ini b/nextcloud/11.0/apcu.ini new file mode 100644 index 0000000..1bf9b49 --- /dev/null +++ b/nextcloud/11.0/apcu.ini @@ -0,0 +1,4 @@ +extension=apcu.so +apc.enabled=1 +apc.shm_size= +apc.ttl=7200 diff --git a/nextcloud/11.0/nginx.conf b/nextcloud/11.0/nginx.conf new file mode 100644 index 0000000..0633855 --- /dev/null +++ b/nextcloud/11.0/nginx.conf 
@@ -0,0 +1,113 @@ +worker_processes auto; +pid /tmp/nginx.pid; +daemon off; + +events { + worker_connections 1024; + use epoll; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log off; + error_log /tmp/ngx_error.log error; + + sendfile on; + keepalive_timeout 15; + keepalive_disable msie6; + keepalive_requests 100; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + + fastcgi_temp_path /tmp/fastcgi 1 2; + client_body_temp_path /tmp/client_body 1 2; + proxy_temp_path /tmp/proxy 1 2; + uwsgi_temp_path /tmp/uwsgi 1 2; + scgi_temp_path /tmp/scgi 1 2; + + gzip off; + + server { + listen 8888; + root /nextcloud; + + client_max_body_size ; + fastcgi_buffers 64 4K; + + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + location / { + rewrite ^ /index.php$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param modHeadersAvailable true; 
+ fastcgi_param front_controller_active true; + fastcgi_pass unix:/tmp/php-fpm.sock; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + fastcgi_read_timeout 1200; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + location ~* \.(?:css|js)$ { + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=7200"; + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + access_log off; + } + + location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { + try_files $uri /index.php$uri$is_args$args; + access_log off; + } + } +} diff --git a/nextcloud/11.0/occ b/nextcloud/11.0/occ new file mode 100644 index 0000000..a766ef6 --- /dev/null +++ b/nextcloud/11.0/occ @@ -0,0 +1,2 @@ +#!/bin/sh +su-exec $UID:$GID php7 /nextcloud/occ $@ diff --git a/nextcloud/11.0/opcache.ini b/nextcloud/11.0/opcache.ini new file mode 100644 index 0000000..705e399 --- /dev/null +++ b/nextcloud/11.0/opcache.ini @@ -0,0 +1,8 @@ +zend_extension=opcache.so +opcache.enable=1 +opcache.enable_cli=1 +opcache.fast_shutdown=1 +opcache.memory_consumption= +opcache.interned_strings_buffer=16 +opcache.max_accelerated_files=5413 +opcache.revalidate_freq=60 diff --git a/nextcloud/11.0/php-fpm.conf b/nextcloud/11.0/php-fpm.conf new file mode 100644 index 0000000..2bb8380 --- /dev/null +++ b/nextcloud/11.0/php-fpm.conf 
@@ -0,0 +1,18 @@ +[global] +daemonize = no + +[www] +listen = /tmp/php-fpm.sock +pm = dynamic +pm.max_children = 15 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 6 +chdir = / +request_terminate_timeout = 0 +env[PATH] = /usr/local/bin:/usr/bin:/bin +php_admin_value[post_max_size] = +php_admin_value[upload_max_filesize] = +php_admin_value[max_execution_time] = 10800 +php_admin_value[max_input_time] = 3600 +php_admin_value[expose_php] = Off diff --git a/nextcloud/11.0/redis.conf b/nextcloud/11.0/redis.conf new file mode 100644 index 0000000..c26fc6b --- /dev/null +++ b/nextcloud/11.0/redis.conf @@ -0,0 +1,14 @@ +bind 127.0.0.1 +protected-mode yes +port 0 +unixsocket /tmp/redis.sock +unixsocketperm 700 +daemonize no +pidfile /tmp/redis.pid +logfile /tmp/redis.log +save 900 1 +save 300 10 +save 60 10000 +dbfilename dump.rdb +dir /var/lib/redis/ +maxmemory diff --git a/nextcloud/11.0/run.sh b/nextcloud/11.0/run.sh new file mode 100644 index 0000000..48aa6da --- /dev/null +++ b/nextcloud/11.0/run.sh 
@@ -0,0 +1,33 @@ +#!/bin/sh + +sed -i -e "s//$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/php7/php-fpm.conf \ + -e "s//$APC_SHM_SIZE/g" /etc/php7/conf.d/apcu.ini \ + -e "s//$OPCACHE_MEM_SIZE/g" /etc/php7/conf.d/00_opcache.ini \ + -e "s//$REDIS_MAX_MEMORY/g" /etc/redis.conf \ + -e "s//$CRON_PERIOD/g" /etc/s6.d/cron/run + +# Put the configuration and apps into volumes +ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null +ln -sf /apps2 /nextcloud &>/dev/null + +for dir in /nextcloud /data /config /apps2 /etc/nginx /etc/php7 /var/log /var/lib/nginx /var/lib/redis /tmp /etc/s6.d; do + if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then + chown -R $UID:$GID $dir + fi +done + +if [ ! -f /config/config.php ]; then + # New installation, run the setup + /usr/local/bin/setup.sh +else + occ upgrade + if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then + echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..." + occ upgrade + if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi + occ maintenance:mode --off + echo "...which seemed to work." + fi +fi + +exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d diff --git a/nextcloud/11.0/s6.d/.s6-svscan/finish b/nextcloud/11.0/s6.d/.s6-svscan/finish new file mode 100644 index 0000000..c52d3c2 --- /dev/null +++ b/nextcloud/11.0/s6.d/.s6-svscan/finish @@ -0,0 +1,3 @@ +#!/bin/sh + +exit 0 diff --git a/nextcloud/11.0/s6.d/cron/run b/nextcloud/11.0/s6.d/cron/run new file mode 100644 index 0000000..2e6fec5 --- /dev/null +++ b/nextcloud/11.0/s6.d/cron/run @@ -0,0 +1,6 @@ +#!/bin/sh + +while true; do + php7 -f /nextcloud/cron.php + sleep +done diff --git a/nextcloud/11.0/s6.d/nginx/run b/nextcloud/11.0/s6.d/nginx/run new file mode 100644 index 0000000..eaf8049 --- /dev/null +++ b/nextcloud/11.0/s6.d/nginx/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec nginx diff --git a/nextcloud/11.0/s6.d/php/run b/nextcloud/11.0/s6.d/php/run new file mode 100644 index 0000000..e238021 --- /dev/null 
+++ b/nextcloud/11.0/s6.d/php/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec php-fpm7 diff --git a/nextcloud/11.0/s6.d/redis/run b/nextcloud/11.0/s6.d/redis/run new file mode 100644 index 0000000..4881331 --- /dev/null +++ b/nextcloud/11.0/s6.d/redis/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec redis-server /etc/redis.conf diff --git a/nextcloud/11.0/setup.sh b/nextcloud/11.0/setup.sh new file mode 100755 index 0000000..a8ade50 --- /dev/null +++ b/nextcloud/11.0/setup.sh 
@@ -0,0 +1,112 @@ +#!/bin/sh +# Nextcloud +########################## + +#source setup/functions.sh # load our functions +#source /etc/mailinabox.conf # load global vars +CONFIGFILE=/config/config.php + + +# Create an initial configuration file. +instanceid=oc$(echo $PRIMARY_HOSTNAME | sha1sum | fold -w 10 | head -n 1) +cat > $CONFIGFILE < '/data', + + "apps_paths" => array ( + 0 => array ( + "path" => "/nextcloud/apps", + "url" => "/apps", + "writable" => false, + ), + 1 => array ( + "path" => "/apps2", + "url" => "/apps2", + "writable" => true, + ), + ), + + 'memcache.local' => '\OC\Memcache\APCu', + + 'memcache.locking' => '\OC\Memcache\Redis', + 'redis' => array( + 'host' => '/tmp/redis.sock', + 'port' => 0, + 'timeout' => 0.0, + ), + + 'instanceid' => '$instanceid', +); +?> +EOF + +# Create an auto-configuration file to fill in database settings +# when the install script is run. Make an administrator account +# here or else the install can't finish. +adminpassword=$(dd if=/dev/urandom bs=1 count=40 2>/dev/null | sha1sum | fold -w 30 | head -n 1) +cat > /nextcloud/config/autoconfig.php < '/data', + 'dbtype' => '${DB_TYPE:-sqlite3}', + 'dbname' => '${DB_NAME:-nextcloud}', + 'dbuser' => '${DB_USER:-nextcloud}', + 'dbpass' => '${DB_PASSWORD:-password}', + 'dbhost' => '${DB_HOST:-nextcloud-db}', + 'dbtableprefix' => 'oc_', +EOF +if [[ ! -z "$ADMIN_USER" ]]; then + cat >> /nextcloud/config/autoconfig.php < '${ADMIN_USER}', + 'adminpass' => '${ADMIN_PASSWORD}', +EOF +fi +cat >> /nextcloud/config/autoconfig.php < +EOF + +echo "Starting automatic configuration..." +# Execute ownCloud's setup step, which creates the ownCloud database. +# It also wipes it if it exists. And it updates config.php with database +# settings and deletes the autoconfig.php file. +(cd /nextcloud; php7 index.php) +echo "Automatic configuration finished." + +# Update config.php. +# * trusted_domains is reset to localhost by autoconfig starting with ownCloud 8.1.1, +# so set it here. 
It also can change if the box's PRIMARY_HOSTNAME changes, so +# this will make sure it has the right value. +# * Some settings weren't included in previous versions of Mail-in-a-Box. +# * We need to set the timezone to the system timezone to allow fail2ban to ban +# users within the proper timeframe +# * We need to set the logdateformat to something that will work correctly with fail2ban +# Use PHP to read the settings file, modify it, and write out the new settings array. + +CONFIG_TEMP=$(/bin/mktemp) +php7 < $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE + +EOF + +chown -R $UID:$GID /config /data +# Enable/disable apps. Note that this must be done after the ownCloud setup. +# The firstrunwizard gave Josh all sorts of problems, so disabling that. +# user_external is what allows ownCloud to use IMAP for login. The contacts +# and calendar apps are the extensions we really care about here. +occ app:disable firstrunwizard diff --git a/nextcloud/README.md b/nextcloud/README.md index 4305e67..bad1ae5 100644 --- a/nextcloud/README.md +++ b/nextcloud/README.md @@ -34,6 +34,7 @@ ### Tags - **latest** : latest stable version. +- **11.0** : latest 11.0.x version (**still in beta**) - **10.0** : latest 10.0.x version (stable) - **9.0** : latest 9.0.x version. (old stable) (unmaintained by this project) - **daily** : latest code (daily build).