From a749c2ad77b8509f6522d2e807edaacd2d1aeccb Mon Sep 17 00:00:00 2001
From: pierreozoux <pierre@ozoux.net>
Date: Sat, 6 Aug 2016 08:26:39 +0100
Subject: [PATCH] first commit

---
 docker-compose.yml | 24 ++++++++++++
 nginx.conf         | 91 ++++++++++++++++++++++++++++++++++++++++++++++
 scripts/install    | 37 +++++++++++++++++++
 scripts/pre-backup |  5 +++
 4 files changed, 157 insertions(+)
 create mode 100644 docker-compose.yml
 create mode 100644 nginx.conf
 create mode 100755 scripts/install
 create mode 100755 scripts/pre-backup

diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..a4bfb33
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,24 @@
+web:
+  image: nginx
+  volumes:
+    - ./nginx.conf:/etc/nginx/nginx.conf:ro
+  links:
+    - app
+  volumes_from:
+    - app
+  environment:
+    - HOST
+app:
+  image: indiehosters/nextcloud
+  links:
+    - db
+  volumes:
+    - ./data/apps:/var/www/html/apps
+    - ./data/config:/var/www/html/config
+    - ./data/data:/var/www/html/data
+db:
+  image: mysql
+  volumes:
+    - ./mysql/runtime:/var/lib/mysql
+  environment:
+    - MYSQL_ROOT_PASSWORD
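Review bot: All three services use untagged images (`image: nginx`, `image: indiehosters/nextcloud`, `image: mysql`), so every pull resolves to whatever `latest` is at that moment. For `db` this is more than a reproducibility concern, because `./mysql/runtime` persists across pulls and a new server major version would start on an existing data directory. Pin each image to a tested tag or digest, e.g. `image: mysql:<tested-version>`. Separately, `environment: - MYSQL_ROOT_PASSWORD` takes the value from the shell that runs compose, while scripts/install writes it to a file named `env` that nothing here references; if that file is the intended source, `env_file: ./env` on `db` would make the wiring explicit.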
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..1dcd3b1
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,91 @@
+user www-data;
+
+events {
+  worker_connections 768;
+}
+
+http {
+  upstream backend {
+      server app:9000;
+  }
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  server {
+    listen 80;
+    
+    # Add headers to serve security related headers
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Robots-Tag none;
+    add_header X-Download-Options noopen;
+    add_header X-Permitted-Cross-Domain-Policies none;
+
+    root /var/www/html;
+    client_max_body_size 10G; # 0=unlimited - set max upload size
+    fastcgi_buffers 64 4K;
+
+    gzip off;
+
+    index index.php;
+    error_page 403 /core/templates/403.php;
+    error_page 404 /core/templates/404.php;
+
+    rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
+    rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
+ 
+    location = /robots.txt {
+      allow all;
+      log_not_found off;
+      access_log off;
+    }
+      
+    location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
+      deny all;
+    }
+
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+      deny all;
+    }
+  
+    location / {
+      rewrite ^/remote/(.*) /remote.php last;
+      rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+      try_files $uri $uri/ =404;
+    }
+  
+    location ~ \.php(?:$|/) {
+      fastcgi_split_path_info ^(.+\.php)(/.+)$;
+      include fastcgi_params;
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      fastcgi_param PATH_INFO $fastcgi_path_info;
+      fastcgi_param HTTPS on;
+      fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+      fastcgi_pass backend;
+      fastcgi_intercept_errors on;
+    }
+
+    # Adding the cache control header for js and css files
+    # Make sure it is BELOW the location ~ \.php(?:$|/) { block
+    location ~* \.(?:css|js)$ {
+      add_header Cache-Control "public, max-age=7200";
+      # Add headers to serve security related headers
+      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+      add_header X-Content-Type-Options nosniff;
+      add_header X-Frame-Options "SAMEORIGIN";
+      add_header X-XSS-Protection "1; mode=block";
+      add_header X-Robots-Tag none;
+      add_header X-Download-Options noopen;
+      add_header X-Permitted-Cross-Domain-Policies none;
+      # Optional: Don't log access to assets
+      access_log off;
+    }
+
+    # Optional: Don't log access to other assets
+    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
+      access_log off;
+    }  
+  }
+}
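Review bot: The `location ~ \.php(?:$|/)` block hands every URI containing `.php` to `fastcgi_pass backend` without checking that the file named by `$fastcgi_script_name` exists. Which file PHP-FPM ends up running is therefore left to the PHP settings in the app image, which this patch does not show. Add `set $path_info $fastcgi_path_info;` and `try_files $fastcgi_script_name =404;` right after `fastcgi_split_path_info`, and change the PATH_INFO line to `fastcgi_param PATH_INFO $path_info;`, since `try_files` resets `$fastcgi_path_info`. This assumes the web container sees the same `/var/www/html` tree, which `root` and `volumes_from` suggest. Also, `fastcgi_param HTTPS on;` is unconditional on a server that only has `listen 80`, so a comment should state that a TLS-terminating proxy must be the only route to this container.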
diff --git a/scripts/install b/scripts/install
new file mode 100755
index 0000000..d166ef5
--- /dev/null
+++ b/scripts/install
@@ -0,0 +1,37 @@
+#!/bin/bash -eux
+
+mkdir -p ./data/config
+
+MYSQL_ROOT_PASSWORD=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs`
+
+echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" > env
+
+cat > ./data/config/config.php <<EOF
+<?php
+\$CONFIG = array (
+  'trusted_domains' => 
+  array (
+    0 => '${URL}',
+  ),
+  'datadirectory' => '/var/www/html/data',
+  'overwrite.cli.url' => 'https://${URL}',
+  'dbtype' => 'mysql',
+  'dbname' => 'owncloud',
+  'dbhost' => 'db:3306',
+  'dbtableprefix' => 'oc_',
+  'dbuser' => 'root',
+  'dbpassword' => '${MYSQL_ROOT_PASSWORD}',
+  'theme' => '',
+  'maintenance' => false,
+  'mail_domain' => '${MAIL_DOMAIN}',
+  'mail_from_address' => 'noreply.${URL}',
+  'mail_smtpmode' => 'smtp',
+  'mail_smtphost' => '${MAIL_HOST}',
+  'mail_smtpport' => '${MAIL_PORT}',
+  'mail_smtpauth' => 1,
+  'mail_smtpauthtype' => 'LOGIN',
+  'mail_smtpname' => 'noreply.${URL}@${MAIL_DOMAIN}',
+  'mail_smtppassword' => '${MAIL_PASS}',
+  'memcache.local' => '\\OC\\Memcache\\APCu',
+);
+EOF
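Review bot: The shebang `#!/bin/bash -eux` turns on xtrace, so the generated `MYSQL_ROOT_PASSWORD` is printed to stderr by both the assignment and the `echo` that writes `env`, and lands in whatever captures the installer's output. Use `#!/bin/bash -eu`, and create the secret file owner-only with `( umask 077; echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" > env )`. config.php holds the same password and should get a mode that only the app's uid can read. The heredoc also pastes `${URL}`, `${MAIL_PASS}` and the other mail variables unescaped into single-quoted PHP strings, so a value containing `'` or `\` yields a broken or altered config; validate or escape them before the `cat`. `'dbuser' => 'root'` gives the application the database superuser, where a dedicated account limited to the `owncloud` schema would be the least-privilege choice.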
diff --git a/scripts/pre-backup b/scripts/pre-backup
new file mode 100755
index 0000000..8d9511f
--- /dev/null
+++ b/scripts/pre-backup
@@ -0,0 +1,5 @@
+#!/bin/bash -eux
+URL=${PWD##*/}
+db_container_name=`echo ${URL}_db_1 | sed "s/\.//g" | sed "s/-//g"`; \
+
+docker exec $db_container_name bash -c 'mysqldump --all-databases --events -uroot -p$MYSQL_ROOT_PASSWORD' > ./mysql/dump.sql
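Review bot: The redirect `> ./mysql/dump.sql` truncates the previous dump before `mysqldump` has written anything, so a failed or interrupted run leaves an empty or partial file where the last good backup was. The file is also created with the default umask although it contains every database. Set `umask 077`, dump to a temporary name such as `./mysql/dump.sql.tmp`, and `mv` it over `./mysql/dump.sql` afterwards; `-e` already stops the script before the `mv` if `docker exec` fails. `-p$MYSQL_ROOT_PASSWORD` puts the root password on the mysqldump command line inside the container, whereas `MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysqldump ... -uroot` in the same `bash -c` string keeps it out of the argument list. `$db_container_name` should be quoted, and the trailing `; \` on the line above can go.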
-- 
GitLab