🦈🏠🐜 Initial Commit 🐜🦈🏠

casjay 2022-10-04 21:48:50 -04:00
commit 4954dce9b1
No known key found for this signature in database
GPG Key ID: 4F765975C1F0EE5F
26 changed files with 1066 additions and 0 deletions

4
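--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+# Files to ignore
+.gitkeep
+.gitignore
+.node_modules/**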
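Review bot: `.node_modules/**` matches a directory literally named `.node_modules`; if the intent was the usual dependency directory, the pattern should be `node_modules`. The list also leaves `.git` and any local `.env*` files in the build context. The Dockerfile in this commit only copies `./bin`, `./config` and `./data`, so they do not reach the image today, but excluding them keeps that true if a broader `COPY` is added later.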

93
.gitignore vendored Normal file

@ -0,0 +1,93 @@
# gitignore created on 10/04/22 at 21:47
# Disable reminder in prompt
ignoredirmessage
# OS generated files
### Linux ###
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
### macOS ###
# General
.DS_Store
.AppleDouble
.LSOverride
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
### macOS Patch ###
# iCloud generated files
*.icloud
### Windows ###
# Windows thumbnail cache files
Thumbs.db
Thumbs.db:encryptable
ehthumbs.db
ehthumbs_vista.db
# Dump file
*.stackdump
# Folder config file
[Dd]esktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp
# Windows shortcuts
*.lnk
# Other
**/.installed
# ignore commit message
**/.gitcommit
#ignore .failed
**/.build_failed
# ignore .bak files
**/*.bak
# ignore .no_push files
**/.no_push
# ignore .no_git files
**/.no_git

148
Dockerfile Normal file

@ -0,0 +1,148 @@
FROM casjaysdevdocker/alpine:latest as build
ARG LICENSE=WTFPL \
IMAGE_NAME=nextcloud \
TIMEZONE=America/New_York \
PORT=8000 \
NEXTCLOUD_VERSION=24.0.5 \
ALPINE_VERSION=3.16 \
SMBCLIENT_VERSION=1.0.6
ENV SHELL=/bin/bash \
TERM=xterm-256color \
HOSTNAME=${HOSTNAME:-casjaysdev-$IMAGE_NAME} \
TZ=$TIMEZONE
RUN mkdir -p /bin/ /config/ /data/ && \
rm -Rf /bin/.gitkeep /config/.gitkeep /data/.gitkeep && \
apk update -U --no-cache \
apk add --no-cache curl gnupg tar unzip xz \
apk --update --no-cache add \
s6 \
bash \
ca-certificates \
curl \
ffmpeg \
imagemagick \
ghostscript \
libsmbclient \
libxml2 \
nginx \
openssl \
php8 \
php8-bcmath \
php8-bz2 \
php8-cli \
php8-ctype \
php8-curl \
php8-dom \
php8-exif \
php8-fileinfo \
php8-fpm \
php8-ftp \
php8-gd \
php8-gmp \
php8-iconv \
php8-intl \
php8-json \
php8-ldap \
php8-mbstring \
php8-opcache \
php8-openssl \
php8-pcntl \
php8-pecl-apcu \
php8-pecl-imagick \
php8-pecl-mcrypt \
php8-pecl-memcached \
php8-pdo \
php8-pdo_mysql \
php8-pdo_pgsql \
php8-pdo_sqlite \
php8-posix \
php8-redis \
php8-session \
php8-simplexml \
php8-sqlite3 \
php8-xml \
php8-xmlreader \
php8-xmlwriter \
php8-zip \
php8-zlib \
python3 \
py3-pip \
tzdata && \
apk --update --no-cache add -t build-dependencies \
autoconf \
automake \
build-base \
libtool \
pcre-dev \
php8-dev \
php8-pear \
samba-dev \
tar \
wget && \
pip3 install --upgrade pip && \
pip3 install nextcloud_news_updater && \
mv /etc/php8 /etc/php && ln -s /etc/php /etc/php8 && \
mv /etc/init.d/php-fpm8 /etc/init.d/php-fpm && ln -s /etc/init.d/php-fpm /etc/init.d/php-fpm8 && \
mv /etc/logrotate.d/php-fpm8 /etc/logrotate.d/php-fpm && ln -s /etc/logrotate.d/php-fpm /etc/logrotate.d/php-fpm8 && \
mv /var/log/php8 /var/log/php && ln -s /var/log/php /var/log/php8 && \
ln -s /usr/sbin/php-fpm8 /usr/sbin/php-fpm && \
cd /tmp && \
wget -q https://pecl.php.net/get/smbclient-${SMBCLIENT_VERSION}.tgz && \
pecl8 install smbclient-${SMBCLIENT_VERSION}.tgz && \
apk del build-dependencies && \
rm -rf /tmp/* /var/www/*
WORKDIR /tmp
RUN curl -SsOL "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" && \
curl -SsOL "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc" && \
curl -SsOL "https://nextcloud.com/nextcloud.asc"
RUN gpg --import "nextcloud.asc" && \
gpg --verify --batch --no-tty "nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc" "nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"
WORKDIR /dist/nextcloud
RUN tar -xjf "/tmp/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" --strip 1 -C .
RUN addgroup -g ${PGID} nextcloud && adduser -D -h /home/nextcloud -u ${PUID} -G nextcloud -s /bin/sh nextcloud
RUN rm -rf /tmp/*
COPY ./bin/. /usr/local/bin/
COPY ./config/. /config/
COPY ./data/. /data/
FROM scratch
ARG BUILD_DATE="$(date +'%Y-%m-%d %H:%M')"
LABEL org.label-schema.name="nextcloud" \
org.label-schema.description="Containerized version of nextcloud" \
org.label-schema.url="https://hub.docker.com/r/casjaysdevdocker/nextcloud" \
org.label-schema.vcs-url="https://github.com/casjaysdevdocker/nextcloud" \
org.label-schema.build-date=$BUILD_DATE \
org.label-schema.version=$BUILD_DATE \
org.label-schema.vcs-ref=$BUILD_DATE \
org.label-schema.license="$LICENSE" \
org.label-schema.vcs-type="Git" \
org.label-schema.schema-version="latest" \
org.label-schema.vendor="CasjaysDev" \
maintainer="CasjaysDev <docker-admin@casjaysdev.com>"
ENV SHELL="/bin/bash" \
TERM="xterm-256color" \
HOSTNAME="casjaysdev-nextcloud" \
TZ="${TZ:-America/New_York}"
WORKDIR /root
VOLUME ["/root","/config","/data"]
EXPOSE $PORT
COPY --from=build /. /
ENTRYPOINT [ "tini", "--" ]
HEALTHCHECK CMD [ "/usr/local/bin/entrypoint-nextcloud.sh", "healthcheck" ]
CMD [ "/usr/local/bin/entrypoint-nextcloud.sh" ]
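Review bot: The `gpg --verify` step trusts whatever key `curl` fetched from nextcloud.com in the preceding `RUN`, so it only shows that the tarball and its signature match the key that was served; pin the expected signing-key fingerprint (obtained out of band) and require it in the verification result, as sketched below. The same stage pulls `smbclient-${SMBCLIENT_VERSION}.tgz` and `nextcloud_news_updater` with no checksum or version pin, and the base is `casjaysdevdocker/alpine:latest` while `ALPINE_VERSION` is never used. Separately, `apk update -U --no-cache \` and the following `apk add --no-cache curl gnupg tar unzip xz \` line have no `&&`, so the runtime package list is passed as arguments to a single `apk update` instead of being installed. `PUID`/`PGID` (in `addgroup`/`adduser`) and `LICENSE`/`PORT` (in the `scratch` stage) are not declared in the stage that uses them, and the final stage sets no `USER`.

```dockerfile
# Fingerprint of the release-signing key, obtained out of band; no default on purpose.
ARG NEXTCLOUD_GPG_FPR
RUN test -n "${NEXTCLOUD_GPG_FPR}" && \
    gpg --batch --import "nextcloud.asc" && \
    gpg --batch --no-tty --status-fd 1 --verify \
      "nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc" "nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
    | grep -q "^\[GNUPG:\] VALIDSIG .*${NEXTCLOUD_GPG_FPR}"
WORKDIR /dist/nextcloud
```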

13
LICENSE.md Normal file

@ -0,0 +1,13 @@
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2022 casjay <git-admin@casjaysdev.com>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
1. You just DO WHAT THE FUCK YOU WANT TO.

49
README.md Normal file

@ -0,0 +1,49 @@
## 👋 Welcome to nextcloud 🚀
nextcloud README
## Run container
```shell
dockermgr update nextcloud
```
### via command line
```shell
docker pull casjaysdevdocker/nextcloud:latest && \
docker run -d \
--restart always \
--name casjaysdevdocker-nextcloud \
--hostname casjaysdev-nextcloud \
-e TZ=${TIMEZONE:-America/New_York} \
-v $HOME/.local/share/srv/docker/nextcloud/files/data:/data:z \
-v $HOME/.local/share/srv/docker/nextcloud/files/config:/config:z \
-p 80:80 \
casjaysdevdocker/nextcloud:latest
```
### via docker-compose
```yaml
version: "2"
services:
nextcloud:
image: casjaysdevdocker/nextcloud
container_name: nextcloud
environment:
- TZ=America/New_York
- HOSTNAME=casjaysdev-nextcloud
volumes:
- $HOME/.local/share/srv/docker/nextcloud/files/data:/data:z
- $HOME/.local/share/srv/docker/nextcloud/files/config:/config:z
ports:
- 80:80
restart: always
```
## Authors
🤖 casjay: [Github](https://github.com/casjay) [Docker](https://hub.docker.com/r/casjay) 🤖
⛵ CasjaysDevDocker: [Github](https://github.com/casjaysdevdocker) [Docker](https://hub.docker.com/r/casjaysdevdocker) ⛵

0
bin/.gitkeep Normal file

131
bin/entrypoint-nextcloud.sh Executable file

@ -0,0 +1,131 @@
#!/usr/bin/env bash
# shellcheck shell=bash
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
##@Version : 202210042049-git
# @@Author : Jason Hempstead
# @@Contact : jason@casjaysdev.com
# @@License : WTFPL
# @@ReadME : entrypoint-nextcloud.sh --help
# @@Copyright : Copyright: (c) 2022 Jason Hempstead, Casjays Developments
# @@Created : Tuesday, Oct 04, 2022 20:49 EDT
# @@File : entrypoint-nextcloud.sh
# @@Description :
# @@Changelog : New script
# @@TODO : Better documentation
# @@Other :
# @@Resource :
# @@Terminal App : no
# @@sudo/root : no
# @@Template : other/docker-entrypoint
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
APPNAME="$(basename "$0" 2>/dev/null)"
VERSION="202210042049-git"
HOME="${USER_HOME:-$HOME}"
USER="${SUDO_USER:-$USER}"
RUN_USER="${SUDO_USER:-$USER}"
SCRIPT_SRC_DIR="${BASH_SOURCE%/*}"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set bash options
[ "$1" == "--debug" ] && set -xo pipefail && export SCRIPT_OPTS="--debug" && export _DEBUG="on"
[ "$1" == "--raw" ] && export SHOW_RAW="true"
set -o pipefail
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set functions
__version() { echo -e ${GREEN:-}"$VERSION"${NC:-}; }
__find() { ls -A "$*" 2>/dev/null; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# colorization
[ -n "$SHOW_RAW" ] || printf_color() { echo -e '\t\t'${2:-}"${1:-}${NC}"; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__exec_bash() {
local cmd="${*:-/bin/bash}"
local exitCode=0
echo "Executing command: $cmd"
$cmd || exitCode=10
return ${exitCode:-$?}
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Define default variables
TZ="${TZ:-America/New_York}"
HOSTNAME="${HOSTNAME:-casjaysdev-bin}"
BIN_DIR="${BIN_DIR:-/usr/local/bin}"
DATA_DIR="${DATA_DIR:-$(__find /data/ 2>/dev/null | grep '^' || false)}"
CONFIG_DIR="${CONFIG_DIR:-$(__find /config/ 2>/dev/null | grep '^' || false)}"
CONFIG_COPY="${CONFIG_COPY:-false}"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Additional variables
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Export variables
export TZ HOSTNAME
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# import variables from file
[ -f "/root/env.sh" ] && . "/root/env.sh"
[ -f "/config/.env.sh" ] && . "/config/.env.sh"
[ -f "/root/env.sh" ] && [ ! -f "/config/.env.sh" ] && cp -Rf "/root/env.sh" "/config/.env.sh"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set timezone
[ -n "${TZ}" ] && echo "${TZ}" >/etc/timezone
[ -f "/usr/share/zoneinfo/${TZ}" ] && ln -sf "/usr/share/zoneinfo/${TZ}" "/etc/localtime"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set hostname
if [ -n "${HOSTNAME}" ]; then
echo "${HOSTNAME}" >/etc/hostname
echo "127.0.0.1 ${HOSTNAME} localhost ${HOSTNAME}.local" >/etc/hosts
fi
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Delete any gitkeep files
[ -n "${CONFIG_DIR}" ] && { [ -d "${CONFIG_DIR}" ] && rm -Rf "${CONFIG_DIR}/.gitkeep" || mkdir -p "/config/"; }
[ -n "${DATA_DIR}" ] && { [ -d "${DATA_DIR}" ] && rm -Rf "${DATA_DIR}/.gitkeep" || mkdir -p "/data/"; }
[ -n "${BIN_DIR}" ] && { [ -d "${BIN_DIR}" ] && rm -Rf "${BIN_DIR}/.gitkeep" || mkdir -p "/bin/"; }
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Copy config files to /etc
if [ -n "${CONFIG_DIR}" ] && [ "${CONFIG_COPY}" = "true" ]; then
for config in ${CONFIG_DIR}; do
if [ -d "/config/$config" ]; then
[ -d "/etc/$config" ] || mkdir -p "/etc/$config"
cp -Rf "/config/$config/." "/etc/$config/"
elif [ -f "/config/$config" ]; then
cp -Rf "/config/$config" "/etc/$config"
fi
done
fi
[ -f "/etc/.env.sh" ] && rm -Rf "/etc/.env.sh"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Additional commands
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
case "$1" in
--help) # Help message
echo 'Docker container for '$APPNAME''
echo "Usage: $APPNAME [healthcheck, bash, command]"
echo "Failed command will have exit code 10"
echo
exitCode=$?
;;
healthcheck) # Docker healthcheck
/usr/local/bin/healthcheck
exitCode=$?
;;
*/bin/sh | */bin/bash | bash | shell | sh) # Launch shell
shift 1
__exec_bash "${@:-/bin/bash}"
exitCode=$?
;;
*) # Execute primary command
if [ $# -eq 0 ]; then
__exec_bash "/bin/bash"
else
__exec_bash "/bin/bash"
fi
exitCode=$?
;;
esac
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# end of entrypoint
exit ${exitCode:-$?}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
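Review bot: The two `.` lines under "import variables from file" execute `/root/env.sh` and `/config/.env.sh` in the entrypoint's shell, and the Dockerfile declares both `/root` and `/config` as volumes, so write access to either mount means code execution at container start, presumably as root since no `USER` is set. A comment stating that contract, such as `# /config/.env.sh is sourced, not parsed: the /config mount must be writable by trusted users only`, would help, and the same applies to the `CONFIG_COPY` loop that copies entries from `/config` into `/etc`. Separately, both branches of the `*)` case call `__exec_bash "/bin/bash"`, so arguments passed to the container are dropped; the `else` branch probably meant `__exec_bash "$@"`.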

10
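--- a/bin/healthcheck
+++ b/bin/healthcheck
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+if [ "$SIDECAR_NEWSUPDATER" = "1" ]; then
+pgrep -f "/usr/bin/nextcloud-news-updater -c /etc/news_updater.ini"
+elif [ "$SIDECAR_CRON" = "1" ] || [ "$SIDECAR_PREVIEWGEN" = "1" ]; then
+pgrep -f "busybox crond -f -L /dev/stdout"
+else
+curl --fail http://127.0.0.1:12345/ping || exit 1
+fi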

3
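--- a/bin/occ
+++ b/bin/occ
@@ -0,0 +1,3 @@
+#!/bin/sh
+yasu nextcloud:nextcloud php -f /var/www/occ "$@"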

0
config/.gitkeep Normal file


@ -0,0 +1,5 @@
#!/usr/bin/with-contenv sh
# shellcheck shell=sh
# Fix access rights to stdout and stderr
chown ${PUID}:${PGID} /proc/self/fd/1 /proc/self/fd/2 || true


@ -0,0 +1,12 @@
#!/usr/bin/with-contenv sh
# shellcheck shell=sh
if [ -n "${PGID}" ] && [ "${PGID}" != "$(id -g nextcloud)" ]; then
echo "Switching to PGID ${PGID}..."
sed -i -e "s/^nextcloud:\([^:]*\):[0-9]*/nextcloud:\1:${PGID}/" /etc/group
sed -i -e "s/^nextcloud:\([^:]*\):\([0-9]*\):[0-9]*/nextcloud:\1:\2:${PGID}/" /etc/passwd
fi
if [ -n "${PUID}" ] && [ "${PUID}" != "$(id -u nextcloud)" ]; then
echo "Switching to PUID ${PUID}..."
sed -i -e "s/^nextcloud:\([^:]*\):[0-9]*:\([0-9]*\)/nextcloud:\1:${PUID}:\2/" /etc/passwd
fi
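Review bot: `PGID` and `PUID` are spliced into the `sed` expressions that rewrite `/etc/group` and `/etc/passwd` without a check that they are numeric, so a value containing `/`, `:` or a newline would corrupt or extend those files rather than fail cleanly. Reject anything non-numeric before the first `sed`, e.g. `case "${PUID}${PGID}" in *[!0-9]*) echo "PUID/PGID must be numeric" >&2; exit 1 ;; esac`. It may also be worth refusing `0`, which would turn the `nextcloud` account into a root-equivalent one.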


@ -0,0 +1,17 @@
#!/usr/bin/with-contenv sh
# shellcheck shell=sh
echo "Fixing perms..."
mkdir -p /data \
/var/run/nginx \
/var/run/php-fpm
chown nextcloud. \
/data
chown -R nextcloud. \
/home/nextcloud \
/etc/tpls \
/var/lib/nginx \
/var/log/nginx \
/var/log/php* \
/var/run/nginx \
/var/run/php-fpm
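Review bot: The `chown -R nextcloud.` list includes `/etc/tpls`, which gives the service account write access to the templates that the init script elsewhere in this commit renders into `nginx.conf` and the PHP configuration, and to `bootstrap.php`. Nothing in this script needs that, so `/etc/tpls` should stay root-owned and be dropped from the list. The `owner.` form is also a legacy spelling; `nextcloud:nextcloud` is explicit about the group.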


@ -0,0 +1,175 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
runas_user() {
yasu nextcloud:nextcloud "$@"
}
# From https://github.com/docker-library/mariadb/blob/master/docker-entrypoint.sh#L21-L41
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(<"${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
TZ=${TZ:-UTC}
MEMORY_LIMIT=${MEMORY_LIMIT:-512M}
UPLOAD_MAX_SIZE=${UPLOAD_MAX_SIZE:-512M}
CLEAR_ENV=${CLEAR_ENV:-yes}
OPCACHE_MEM_SIZE=${OPCACHE_MEM_SIZE:-128}
LISTEN_IPV6=${LISTEN_IPV6:-true}
APC_SHM_SIZE=${APC_SHM_SIZE:-128M}
REAL_IP_FROM=${REAL_IP_FROM:-0.0.0.0/32}
REAL_IP_HEADER=${REAL_IP_HEADER:-X-Forwarded-For}
LOG_IP_VAR=${LOG_IP_VAR:-remote_addr}
HSTS_HEADER=${HSTS_HEADER:-max-age=15768000; includeSubDomains}
XFRAME_OPTS_HEADER=${XFRAME_OPTS_HEADER:-SAMEORIGIN}
RP_HEADER=${RP_HEADER:-strict-origin}
DB_TYPE=${DB_TYPE:-sqlite}
DB_HOST=${DB_HOST:-db}
DB_NAME=${DB_NAME:-nextcloud}
DB_USER=${DB_USER:-nextcloud}
SIDECAR_CRON=${SIDECAR_CRON:-0}
SIDECAR_NEWSUPDATER=${SIDECAR_NEWSUPDATER:-0}
# Timezone
echo "Setting timezone to ${TZ}..."
ln -snf /usr/share/zoneinfo/${TZ} /etc/localtime
echo ${TZ} >/etc/timezone
# PHP-FPM
echo "Setting PHP-FPM configuration..."
sed -e "s/@MEMORY_LIMIT@/$MEMORY_LIMIT/g" \
-e "s/@UPLOAD_MAX_SIZE@/$UPLOAD_MAX_SIZE/g" \
-e "s/@CLEAR_ENV@/$CLEAR_ENV/g" \
/etc/tpls/etc/php/php-fpm.d/www.conf >/etc/php/php-fpm.d/www.conf
# PHP
echo "Setting PHP configuration..."
sed -e "s/@APC_SHM_SIZE@/$APC_SHM_SIZE/g" \
/etc/tpls/etc/php/conf.d/apcu.ini >/etc/php/conf.d/apcu.ini
sed -e "s/@OPCACHE_MEM_SIZE@/$OPCACHE_MEM_SIZE/g" \
/etc/tpls/etc/php/conf.d/opcache.ini >/etc/php/conf.d/opcache.ini
sed -e "s/@MEMORY_LIMIT@/$MEMORY_LIMIT/g" \
-e "s#@TIMEZONE@#$TZ#g" \
/etc/tpls/etc/php/conf.d/override.ini >/etc/php/conf.d/override.ini
# Nginx
echo "Setting Nginx configuration..."
sed -e "s/@UPLOAD_MAX_SIZE@/$UPLOAD_MAX_SIZE/g" \
-e "s#@REAL_IP_FROM@#$REAL_IP_FROM#g" \
-e "s#@REAL_IP_HEADER@#$REAL_IP_HEADER#g" \
-e "s#@LOG_IP_VAR@#$LOG_IP_VAR#g" \
-e "s/@HSTS_HEADER@/$HSTS_HEADER/g" \
-e "s/@XFRAME_OPTS_HEADER@/$XFRAME_OPTS_HEADER/g" \
-e "s/@RP_HEADER@/$RP_HEADER/g" \
-e "s#@SUBDIR@#$SUBDIR#g" \
/etc/tpls/etc/nginx/nginx.conf >/etc/nginx/nginx.conf
if [ "$LISTEN_IPV6" != "true" ]; then
sed -e '/listen \[::\]:/d' -i /etc/nginx/nginx.conf
fi
# Init Nextcloud
echo "Initializing Nextcloud files/folders..."
mkdir -p /data/config /data/data /data/session /data/tmp /data/userapps
if [ ! -d /data/themes ]; then
if [ -d /var/www/themes ]; then
mv -f /var/www/themes /data/
chown -R nextcloud. /data/themes
fi
mkdir -p /data/themes
elif [ -d /var/www/themes ]; then
rm -rf /var/www/themes
fi
chown nextcloud. /data/config /data/data /data/session /data/tmp /data/userapps /data/themes
ln -sf /data/config/config.php /var/www/config/config.php &>/dev/null
ln -sf /data/themes /var/www/themes &>/dev/null
ln -sf /data/userapps /var/www/userapps &>/dev/null
file_env 'DB_PASSWORD'
if [ -z "$DB_PASSWORD" ]; then
echo >&2 "ERROR: Either DB_PASSWORD or DB_PASSWORD_FILE must be defined"
exit 1
fi
# Install Nextcloud if config not found
if [ ! -f /data/config/config.php ]; then
# https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/automatic_configuration.html
touch /tmp/first-install
echo "Creating automatic configuration..."
cat >/var/www/config/autoconfig.php <<EOL
<?php
\$AUTOCONFIG = array(
'directory' => '/data/data',
'dbtype' => '${DB_TYPE}',
'dbname' => '${DB_NAME}',
'dbuser' => '${DB_USER}',
'dbpass' => '${DB_PASSWORD}',
'dbhost' => '${DB_HOST}',
'dbtableprefix' => '',
);
EOL
runas_user cat >/data/config/config.php <<EOL
<?php
\$CONFIG = array(
'datadirectory' => '/data/data',
'tempdirectory' => '/data/tmp',
'supportedDatabases' => array(
'sqlite',
'mysql',
'pgsql'
),
'logtimezone' => '${TZ}',
'logdateformat' => 'Y-m-d H:i:s',
'memcache.local' => '\\\OC\\\Memcache\\\APCu',
'apps_paths' => array(
array(
'path'=> '/var/www/apps',
'url' => '/apps',
'writable' => false,
),
array(
'path'=> '/data/userapps',
'url' => '/userapps',
'writable' => true,
),
),
'mail_smtpmode' => 'smtp'
);
EOL
fi
unset DB_USER
unset DB_PASSWORD
# https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#proxy-configurations
if [ -n "$SUBDIR" ]; then
cat >/var/www/config/subdir.config.php <<EOL
<?php
\$CONFIG = array(
'overwritewebroot' => '${SUBDIR}',
);
EOL
fi
# config directory must be writable
chown -R nextcloud. /var/www/config
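Review bot: The `autoconfig.php` heredoc writes `${DB_PASSWORD}`, `${DB_USER}`, `${DB_NAME}` and `${DB_HOST}` straight into single-quoted PHP literals, so a password containing `'` or `\` produces a broken or different PHP file instead of the intended value. Emit the literals through PHP itself, for example by generating each value with `php -r 'var_export(getenv("DB_PASSWORD"));'`, or restrict the accepted characters and fail early. The `DB_PASSWORD` check also aborts start-up when `DB_TYPE` is left at its `sqlite` default, where presumably no password is needed. The `sed` lines that fill `@HSTS_HEADER@`, `@XFRAME_OPTS_HEADER@` and `@RP_HEADER@` use `/` as the delimiter and will fail on values containing it.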


@ -0,0 +1,51 @@
#!/usr/bin/with-contenv sh
# shellcheck shell=sh
SIDECAR_CRON=${SIDECAR_CRON:-0}
SIDECAR_PREVIEWGEN=${SIDECAR_PREVIEWGEN:-0}
SIDECAR_NEWSUPDATER=${SIDECAR_NEWSUPDATER:-0}
if [ "$SIDECAR_CRON" = "1" ] || [ "$SIDECAR_PREVIEWGEN" = "1" ] || [ "$SIDECAR_NEWSUPDATER" = "1" ]; then
exit 0
fi
# Override several config values of Nextcloud
echo "Bootstrapping configuration..."
yasu nextcloud:nextcloud php -f /etc/tpls/bootstrap.php >/tmp/config.php
yasu nextcloud:nextcloud cp /tmp/config.php /data/config/config.php
yasu nextcloud:nextcloud sed -i -e "s#@TZ@#$TZ#g" /data/config/config.php
# Upgrade Nextcloud if installed
if [ "$(occ status --no-ansi | grep 'installed: true')" != "" ]; then
echo "Upgrading Nextcloud..."
occ upgrade --no-ansi
fi
# First install ?
if [ -f /tmp/first-install ]; then
echo "Installing Nextcloud ${NEXTCLOUD_VERSION}..."
yasu nextcloud:nextcloud php /var/www/index.php &>/dev/null
rm -f /tmp/first-install
echo ">>"
echo ">> Open your browser to configure your admin account"
echo ">>"
fi
mkdir -p /etc/services.d/nginx
cat >/etc/services.d/nginx/run <<EOL
#!/usr/bin/execlineb -P
with-contenv
s6-setuidgid ${PUID}:${PGID}
nginx -g "daemon off;"
EOL
chmod +x /etc/services.d/nginx/run
mkdir -p /etc/services.d/php-fpm
cat >/etc/services.d/php-fpm/run <<EOL
#!/usr/bin/execlineb -P
with-contenv
s6-setuidgid ${PUID}:${PGID}
php-fpm -F
EOL
chmod +x /etc/services.d/php-fpm/run
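Review bot: The generated `run` files embed `${PUID}:${PGID}` at write time, but nothing in this commit gives either variable a default, so with both unset the line becomes `s6-setuidgid :` and the service has no valid identity to drop to. Since the earlier init script already rewrites the `nextcloud` account to match PUID/PGID, `s6-setuidgid nextcloud` would be simpler and cannot expand to an empty value; the news-updater `run` file later in the commit has the same line. `/tmp/config.php` is also created by the root shell's redirection at a fixed path before being copied; a `mktemp` file, or writing directly as the `nextcloud` user, avoids depending on what already exists in `/tmp`.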


@ -0,0 +1,40 @@
#!/usr/bin/with-contenv sh
# shellcheck shell=sh
CRONTAB_PATH="/var/spool/cron/crontabs"
SIDECAR_CRON=${SIDECAR_CRON:-0}
# Continue only if sidecar cron container
if [ "$SIDECAR_CRON" != "1" ]; then
exit 0
fi
echo ">>"
echo ">> Sidecar cron container detected for Nextcloud"
echo ">>"
# Init
rm -rf ${CRONTAB_PATH}
mkdir -m 0644 -p ${CRONTAB_PATH}
touch ${CRONTAB_PATH}/nextcloud
# Cron
if [ -n "$CRON_PERIOD" ]; then
echo "Creating Nextcloud cron task with the following period fields : $CRON_PERIOD"
echo "${CRON_PERIOD} php -f /var/www/cron.php" >> ${CRONTAB_PATH}/nextcloud
else
echo "CRON_PERIOD env var empty..."
fi
# Fix perms
echo "Fixing crontabs permissions..."
chmod -R 0644 ${CRONTAB_PATH}
# Create service
mkdir -p /etc/services.d/cron
cat > /etc/services.d/cron/run <<EOL
#!/usr/bin/execlineb -P
with-contenv
exec busybox crond -f -L /dev/stdout
EOL
chmod +x /etc/services.d/cron/run
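Review bot: Both this script and the previews-generator script that follows start with `rm -rf ${CRONTAB_PATH}` and then write `${CRONTAB_PATH}/nextcloud`, so if `SIDECAR_CRON=1` and `SIDECAR_PREVIEWGEN=1` are set in the same container, whichever runs second deletes the entry the first one wrote. Also, `mkdir -m 0644` and `chmod -R 0644` leave the crontabs directory without a search bit; `0755` on the directory and `0600` on the file would be the conventional modes. `CRON_PERIOD` and `PREVIEWGEN_PERIOD` are appended verbatim, so a check that the value has exactly five fields and no newline would keep a mistyped setting from adding unintended crontab lines.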


@ -0,0 +1,40 @@
#!/usr/bin/with-contenv sh
# shellcheck shell=sh
CRONTAB_PATH="/var/spool/cron/crontabs"
SIDECAR_PREVIEWGEN=${SIDECAR_PREVIEWGEN:-0}
# Continue only if previewgen container
if [ "$SIDECAR_PREVIEWGEN" != "1" ]; then
exit 0
fi
echo ">>"
echo ">> Sidecar previews generator container detected for Nextcloud"
echo ">>"
# Init
rm -rf ${CRONTAB_PATH}
mkdir -m 0644 -p ${CRONTAB_PATH}
touch ${CRONTAB_PATH}/nextcloud
# Cron
if [ -n "$PREVIEWGEN_PERIOD" ]; then
echo "Creating Previews Generator cron task with the following period fields : $PREVIEWGEN_PERIOD"
echo "${PREVIEWGEN_PERIOD} php -f /var/www/occ preview:pre-generate" >> ${CRONTAB_PATH}/nextcloud
else
echo "PREVIEWGEN_PERIOD env var empty..."
fi
# Fix perms
echo "Fixing crontabs permissions..."
chmod -R 0644 ${CRONTAB_PATH}
# Create service
mkdir -p /etc/services.d/cron
cat > /etc/services.d/cron/run <<EOL
#!/usr/bin/execlineb -P
with-contenv
exec busybox crond -f -L /dev/stdout
EOL
chmod +x /etc/services.d/cron/run


@ -0,0 +1,38 @@
#!/usr/bin/with-contenv sh
# shellcheck shell=sh
SIDECAR_NEWSUPDATER=${SIDECAR_NEWSUPDATER:-0}
NC_NEWSUPDATER_THREADS=${NC_NEWSUPDATER_THREADS:-10}
NC_NEWSUPDATER_TIMEOUT=${NC_NEWSUPDATER_TIMEOUT:-300}
NC_NEWSUPDATER_INTERVAL=${NC_NEWSUPDATER_INTERVAL:-900}
NC_NEWSUPDATER_LOGLEVEL=${NC_NEWSUPDATER_LOGLEVEL:-error}
# Continue only if sidecar news updater container
if [ "$SIDECAR_NEWSUPDATER" != "1" ]; then
exit 0
fi
echo ">>"
echo ">> Sidecar news updater container detected for Nextcloud"
echo ">>"
# Nextcloud News Updater config file (https://github.com/nextcloud/news-updater#usage)
cat > /etc/news_updater.ini <<EOL
[updater]
threads = ${NC_NEWSUPDATER_THREADS}
timeout = ${NC_NEWSUPDATER_TIMEOUT}
interval = ${NC_NEWSUPDATER_INTERVAL}
loglevel = ${NC_NEWSUPDATER_LOGLEVEL}
url = /var/www
mode = endless
EOL
# Create service
mkdir -p /etc/services.d/news-updater
cat > /etc/services.d/news-updater/run <<EOL
#!/usr/bin/execlineb -P
with-contenv
s6-setuidgid ${PUID}:${PGID}
/usr/bin/nextcloud-news-updater -c /etc/news_updater.ini
EOL
chmod +x /etc/services.d/news-updater/run


@ -0,0 +1 @@
extension=smbclient.so

10
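--- a/config/tpls/bootstrap.php
+++ b/config/tpls/bootstrap.php
@@ -0,0 +1,10 @@
+<?php
+include '/data/config/config.php';
+$CONFIG['logtimezone'] = '@TZ@';
+$CONFIG['logdateformat'] = 'Y-m-d H:i:s';
+echo "<?php\n\n\$CONFIG = ";
+var_export($CONFIG);
+echo ";\n";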
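Review bot: `'@TZ@'` is a placeholder that the calling init script replaces with `sed` after `var_export` has run, so the timezone reaches `config.php` as raw text inside a PHP string literal rather than as an escaped value. Reading it here, e.g. `$CONFIG['logtimezone'] = getenv('TZ') ?: 'UTC';`, lets `var_export` do the quoting and removes the need for the later `sed -i` on `config.php`. The script also assumes `/data/config/config.php` exists and defines `$CONFIG`; a `file_exists` guard that exits non-zero would keep a missing file from producing a config with only the two keys set here.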


@ -0,0 +1,182 @@
pid /var/run/nginx/nginx.pid;
worker_processes auto;
error_log /proc/self/fd/2 info;
events {
worker_connections 2048;
use epoll;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
aio threads;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
gzip off;
## Temp folders
client_body_temp_path /tmp/nginx 1 2;
proxy_temp_path /tmp/nginx-proxy;
fastcgi_temp_path /tmp/nginx-fastcgi;
uwsgi_temp_path /tmp/nginx-uwsgi;
scgi_temp_path /tmp/nginx-scgi;
## Handling of IPs in proxied and load balancing situations
set_real_ip_from @REAL_IP_FROM@;
real_ip_header @REAL_IP_HEADER@;
# Log
log_format main '$@LOG_IP_VAR@ - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /proc/self/fd/1 main;
## TCP options
tcp_nopush on;
tcp_nodelay on;
## Hide the Nginx version number
server_tokens off;
server {
listen 127.0.0.1:12345;
server_name _;
access_log off;
error_log /dev/null;
location / {
return 500;
}
location ~ ^/(status|ping)$ {
allow 127.0.0.1;
deny all;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
include fastcgi_params;
fastcgi_param SERVER_SOFTWARE "";
}
}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html
server {
listen 8000;
listen [::]:8000;
root /var/www;
index index.php index.html;
client_max_body_size @UPLOAD_MAX_SIZE@;
client_body_buffer_size 128k;
fastcgi_buffers 64 4K;
large_client_header_buffers 4 16k;
# https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html
add_header Strict-Transport-Security "@HSTS_HEADER@";
add_header Referrer-Policy "@RP_HEADER@" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "@XFRAME_OPTS_HEADER@" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 @SUBDIR@/remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ^~ /.well-known {
location = /.well-known/carddav {
return 301 @SUBDIR@/remote.php/dav/;
}
location = /.well-known/caldav {
return 301 @SUBDIR@/remote.php/dav/;
}
location /.well-known/acme-challenge {
try_files $uri $uri/ =404;
}
location /.well-known/pki-validation {
try_files $uri $uri/ =404;
}
return 301 @SUBDIR@/index.php$request_uri;
}
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SERVER_SOFTWARE "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 1200;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header Strict-Transport-Security "@HSTS_HEADER@";
add_header Referrer-Policy "@RP_HEADER@" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "@XFRAME_OPTS_HEADER@" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}
}
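Review bot: Both `add_header Strict-Transport-Security "@HSTS_HEADER@";` lines lack the `always` flag that every other security header in this file carries, so HSTS is omitted from error responses; add `always` for consistency. This server block only listens on plain HTTP port 8000, so the header is meaningful only behind a TLS-terminating proxy. In that setup `@REAL_IP_FROM@` has to be set to the proxy's address, because the init script's default `0.0.0.0/32` matches no real client; a comment above `set_real_ip_from` saying so would help operators. `X-XSS-Protection` is ignored or deprecated in current browsers and could be dropped.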


@ -0,0 +1,5 @@
extension=apcu.so
apc.enabled=1
apc.enable_cli=1
apc.shm_size=@APC_SHM_SIZE@
apc.ttl=7200


@ -0,0 +1,7 @@
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=32
opcache.max_accelerated_files=10000
opcache.memory_consumption=@OPCACHE_MEM_SIZE@
opcache.save_comments=1
opcache.revalidate_freq=1


@ -0,0 +1,2 @@
memory_limit=@MEMORY_LIMIT@
date.timezone=@TIMEZONE@


@ -0,0 +1,30 @@
[global]
pid = /var/run/php-fpm/php-fpm.pid
daemonize = no
error_log = /proc/self/fd/2
[www]
listen = /var/run/php-fpm/php-fpm.sock
access.log = /dev/null
pm = dynamic
pm.max_children = 15
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 6
request_terminate_timeout = 0
clear_env = @CLEAR_ENV@
ping.path = /ping
ping.response = pong
env[PATH] = /usr/local/bin:/usr/bin:/bin
php_admin_value[always_populate_raw_post_data] = -1
php_admin_value[post_max_size] = @UPLOAD_MAX_SIZE@
php_admin_value[upload_max_filesize] = @UPLOAD_MAX_SIZE@
php_admin_value[max_execution_time] = 10800
php_admin_value[max_input_time] = 3600
php_admin_value[expose_php] = Off
php_admin_value[memory_limit] = @MEMORY_LIMIT@
php_admin_value[session.save_path] = /data/session

0
data/.gitkeep Normal file