Commit e4edabb6 authored by Timothee Gosselin's avatar Timothee Gosselin

use own image to remove volume & config with env var

parent db9fcffe
ARG VERSION=latest
FROM nextcloud:$VERSION
WORKDIR /usr/src/nextcloud/
RUN chown -R 33:33 /usr/src/nextcloud/apps
RUN chown -R 33:33 /usr/src/nextcloud/data
COPY scripts/apps.sh scripts/apps.sh
COPY config/* /usr/src/nextcloud/config/
RUN ./scripts/apps.sh instal
RUN ./scripts/apps.sh remove
RUN chown -R 33:33 /usr/src/nextcloud/custom_apps
RUN chown -R 33:33 /usr/src/nextcloud/config
COPY scripts scripts
USER www-data
ENTRYPOINT [""]
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
FROM php:7.3-fpm-buster
# entrypoint.sh and cron.sh dependencies
RUN set -ex; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
bzip2 \
busybox-static \
; \
rm -rf /var/lib/apt/lists/*;
# install the PHP extensions we need
# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libcurl4-openssl-dev \
libevent-dev \
libfreetype6-dev \
libicu-dev \
libjpeg-dev \
libldap2-dev \
libmcrypt-dev \
libmemcached-dev \
libpng-dev \
libpq-dev \
libxml2-dev \
libmagickwand-dev \
libzip-dev \
libwebp-dev \
; \
\
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr; \
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
docker-php-ext-install -j "$(nproc)" \
exif \
gd \
intl \
ldap \
opcache \
pcntl \
pdo_mysql \
pdo_pgsql \
zip \
; \
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-5.1.17; \
pecl install memcached-3.1.4; \
pecl install redis-4.3.0; \
pecl install imagick-3.4.4; \
\
docker-php-ext-enable \
apcu \
memcached \
redis \
imagick \
; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
# set recommended PHP.ini settings
# see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
RUN { \
echo 'opcache.enable=1'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.memory_consumption=128'; \
echo 'opcache.save_comments=1'; \
echo 'opcache.revalidate_freq=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
\
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
\
echo 'memory_limit=512M' > /usr/local/etc/php/conf.d/memory-limit.ini; \
\
mkdir /var/www/data; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
ENV NEXTCLOUD_VERSION 16.0.5
RUN set -ex; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fsSL -o nextcloud.tar.bz2 \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
curl -fsSL -o nextcloud.tar.bz2.asc \
"https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://nextcloud.com/nextcloud.asc
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
tar -xjf nextcloud.tar.bz2 -C /var/www/html/ --strip-components 1; \
gpgconf --kill all; \
rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
rm -rf /var/www/html/updater; \
mkdir -p /var/www/html/data; \
touch /var/www/html/data/.ocdata; \
mkdir -p /var/www/html/custom_apps; \
chmod +x /var/www/html/occ; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY --chown=www-data:root config/* /var/www/html/config/
RUN chown -R www-data:root /var/www; \
chmod -R g=u /var/www
CMD ["php-fpm"]
<?php
$CONFIG = array(
/**
* Defaults to ``en``
*/
'default_language' => 'en',
/**
* Defaults to ``false``
*/
'force_language' => 'en',
/**
* Defaults to ``en``
*/
'default_locale' => 'en_US',
/**
* Defaults to ``false``
*/
'force_locale' => 'en_US',
'defaultapp' => 'files',
'knowledgebaseenabled' => true,
'allow_user_to_change_display_name' => true,
'remember_login_cookie_lifetime' => 60*60*24*15,
'session_lifetime' => 60 * 60 * 24,
'session_keepalive' => true,
/**
* Enforce token authentication for clients, which blocks requests using the user
* password for enhanced security. Users need to generate tokens in personal settings
* which can be used as passwords on their clients.
*
* Defaults to ``false``
*/
'token_auth_enforced' => false,
'auth.bruteforce.protection.enabled' => true,
'skeletondirectory' => '/path/to/nextcloud/core/skeleton',
'user_backends' => array(
array(
'class' => 'OC_User_IMAP',
'arguments' => array('{imap.gmail.com:993/imap/ssl}INBOX')
)
),
'lost_password_link' => 'https://example.org/link/to/password/reset',
'mail_domain' => 'example.com',
'mail_from_address' => 'nextcloud',
'mail_smtpdebug' => false,
'mail_smtpmode' => 'smtp',
'mail_smtphost' => '127.0.0.1',
'mail_smtpport' => 25,
'mail_smtptimeout' => 10,
'mail_smtpsecure' => '',
'mail_smtpauth' => false,
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpname' => '',
'mail_smtppassword' => '',
'mail_template_class' => '\OC\Mail\EMailTemplate',
'mail_send_plaintext_only' => false,
'mail_sendmailmode' => 'smtp',
q
'overwritehost' => '',
'overwriteprotocol' => '',
'overwritewebroot' => '',
'overwritecondaddr' => '',
'overwrite.cli.url' => '',
'htaccess.RewriteBase' => '/',
'htaccess.IgnoreFrontController' => false,
'proxy' => '',
'proxyuserpwd' => '',
'trashbin_retention_obligation' => 'auto',
'versions_retention_obligation' => 'auto',
'appcodechecker' => true,
'updatechecker' => true,
'updater.server.url' => 'https://updates.nextcloud.com/updater_server/',
'updater.release.channel' => 'stable',
'has_internet_connection' => true,
'connectivity_check_domains' => array(
'www.nextcloud.com',
'www.startpage.com',
'www.eff.org',
'www.edri.org'
),
'check_for_working_wellknown_setup' => true,
'check_for_working_htaccess' => true,
'check_data_directory_permissions' => true,
'config_is_read_only' => false,
'log_type' => 'file',
'logfile' => '/var/log/nextcloud.log',
'logfilemode' => 0640,
'loglevel' => 2,
'syslog_tag' => 'Nextcloud',
'log.condition' => [
'shared_secret' => '57b58edb6637fe3059b3595cf9c41b9',
'users' => ['sample-user'],
'apps' => ['files'],
],
'logdateformat' => 'F d, Y H:i:s',
'logtimezone' => 'Europe/Berlin',
'log_query' => false,
'log_rotate_size' => 100 * 1024 * 1024,
'customclient_desktop' =>
'https://nextcloud.com/install/#install-clients',
'customclient_android' =>
'https://play.google.com/store/apps/details?id=com.nextcloud.client',
'customclient_ios' =>
'https://itunes.apple.com/us/app/nextcloud/id1125420102?mt=8',
'customclient_ios_appid' =>
'1125420102',
'appstoreenabled' => true,
'apps_paths' => array(
array(
'path'=> '/var/www/nextcloud/apps',
'url' => '/apps',
'writable' => true,
),
),
'enable_previews' => true,
'preview_max_x' => 4096,
'preview_max_y' => 4096,
'preview_max_filesize_image' => 50,
'preview_libreoffice_path' => '/usr/bin/libreoffice',
'preview_office_cl_parameters' =>
'enabledPreviewProviders' => array(
'OC\Preview\PNG',
'OC\Preview\JPEG',
'OC\Preview\GIF',
'OC\Preview\HEIC',
'OC\Preview\BMP',
'OC\Preview\XBitmap',
'OC\Preview\MP3',
'OC\Preview\TXT',
'OC\Preview\MarkDown'
),
'ldapUserCleanupInterval' => 51,
'sort_groups_by_name' => false,
'comments.managerFactory' => '\OC\Comments\ManagerFactory',
'systemtags.managerFactory' => '\OC\SystemTag\ManagerFactory',
'maintenance' => false,
'openssl' => array(
'config' => '/absolute/location/of/openssl.cnf',
),
'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Memcached',
'redis' => [
'host' => 'localhost', // can also be a unix domain socket: '/tmp/redis.sock'
'port' => 6379,
'timeout' => 0.0,
'password' => '', // Optional, if not defined no password will be used.
'dbindex' => 0, // Optional, if undefined SELECT will not run and will use Redis Server's default DB Index.
],
'redis.cluster' => [
'seeds' => [ // provide some/all of the cluster servers to bootstrap discovery, port required
'localhost:7000',
'localhost:7001',
],
'timeout' => 0.0,
'read_timeout' => 0.0,
'failover_mode' => \RedisCluster::FAILOVER_ERROR,
'password' => '', // Optional, if not defined no password will be used.
],
'memcached_servers' => array(
array('localhost', 11211),
//array('other.host.local', 11211),
),
'memcached_options' => array(
// Set timeouts to 50ms
\Memcached::OPT_CONNECT_TIMEOUT => 50,
\Memcached::OPT_RETRY_TIMEOUT => 50,
\Memcached::OPT_SEND_TIMEOUT => 50,
\Memcached::OPT_RECV_TIMEOUT => 50,
\Memcached::OPT_POLL_TIMEOUT => 50,
// Enable compression
\Memcached::OPT_COMPRESSION => true,
// Turn on consistent hashing
\Memcached::OPT_LIBKETAMA_COMPATIBLE => true,
// Enable Binary Protocol
\Memcached::OPT_BINARY_PROTOCOL => true,
// Binary serializer vill be enabled if the igbinary PECL module is available
//\Memcached::OPT_SERIALIZER => \Memcached::SERIALIZER_IGBINARY,
),
'cache_path' => '',
'cache_chunk_gc_ttl' => 60*60*24,
'objectstore' => [
'class' => 'OC\\Files\\ObjectStore\\Swift',
'arguments' => [
// trystack will use your facebook id as the user name
'username' => 'facebook100000123456789',
// in the trystack dashboard go to user -> settings -> API Password to
// generate a password
'password' => 'Secr3tPaSSWoRdt7',
// must already exist in the objectstore, name can be different
'container' => 'nextcloud',
// prefix to prepend to the fileid, default is 'oid:urn:'
'objectPrefix' => 'oid:urn:',
// create the container if it does not exist. default is false
'autocreate' => true,
// required, dev-/trystack defaults to 'RegionOne'
'region' => 'RegionOne',
// The Identity / Keystone endpoint
'url' => 'http://8.21.28.222:5000/v2.0',
// required on dev-/trystack
'tenantName' => 'facebook100000123456789',
// dev-/trystack uses swift by default, the lib defaults to 'cloudFiles'
// if omitted
'serviceName' => 'swift',
// The Interface / url Type, optional
'urlType' => 'internal'
],
],
'objectstore' => [
'class' => 'OC\\Files\\ObjectStore\\Swift',
'arguments' => [
'autocreate' => true,
'user' => [
'name' => 'swift',
'password' => 'swift',
'domain' => [
'name' => 'default',
],
],
'scope' => [
'project' => [
'name' => 'service',
'domain' => [
'name' => 'default',
],
],
],
'tenantName' => 'service',
'serviceName' => 'swift',
'region' => 'regionOne',
'url' => 'http://yourswifthost:5000/v3',
'bucket' => 'nextcloud',
],
],
'sharing.managerFactory' => '\OC\Share20\ProviderFactory',
'sharing.maxAutocompleteResults' => 0,
'sharing.minSearchStringLength' => 0,
'dbdriveroptions' => array(
PDO::MYSQL_ATTR_SSL_CA => '/file/path/to/ca_cert.pem',
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET wait_timeout = 28800'
),
'sqlite.journal_mode' => 'DELETE',
'mysql.utf8mb4' => false,
'supportedDatabases' => array(
'sqlite',
'mysql',
'pgsql',
'oci',
),
'tempdirectory' => '/tmp/nextcloudtemp',
'hashingCost' => 10,
'blacklisted_files' => array('.htaccess'),
'share_folder' => '/',
'theme' => '',
'cipher' => 'AES-256-CFB',
'minimum.supported.desktop.version' => '2.0.0',
'quota_include_external_storage' => false,
'filesystem_check_changes' => 0,
'part_file_in_storage' => true,
'mount_file' => '/var/www/nextcloud/data/mount.json',
'filesystem_cache_readonly' => false,
'secret' => '',
'trusted_proxies' => array('203.0.113.45', '198.51.100.128', '192.168.2.0/24'),
'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'),
'max_filesize_animated_gifs_public_sharing' => 10,
'filelocking.enabled' => true,
'filelocking.ttl' => 60*60,
'memcache.locking' => '\\OC\\Memcache\\Redis',
'filelocking.debug' => false,
'upgrade.disable-web' => false,
'debug' => false,
'data-fingerprint' => '',
'copied_sample_config' => true,
'lookup_server' => 'https://lookup.nextcloud.com',
'gs.enabled' => false,
'gs.federation' => 'internal',
'csrf.optout' => array(
'/^WebDAVFS/', // OS X Finder
'/^Microsoft-WebDAV-MiniRedir/', // Windows webdav drive
),
'simpleSignUpLink.shown' => true,
'login_form_autocomplete' => true,
);
\ No newline at end of file
......@@ -4,11 +4,10 @@ $CONFIG = array (
'secret' => getenv('SECRET'),
'trusted_domains' =>
array (
0 => 'localhost',
0 => getenv('NEXTCLOUD_TRUSTED_DOMAINS') ?: 'localhost',
),
'overwrite.cli.url' => getenv('OVERWRITE_CLI_URL') ?: 'http://localhost',
'overwriteprotocol' => getenv('OVERWRITE_PROTOCOL') ?: '',
'datadirectory' => getenv('DATA_DIRECTORY') ?: '/usr/src/nextcloud/data',
'version' => getenv('VERSION'),
'debug' => getenv('DEBUG'),
'instanceid' => getenv('INSTANCE_ID'),
......
......@@ -6,6 +6,6 @@ $CONFIG = array (
'dbport' => getenv('DB_PORT'),
'dbtableprefix' => getenv('DB_TABLE_PREFIX'),
'mysql.utf8mb4' => getenv('MYSQL_UTF8MB4'),
'dbuser' => getenv('DB_USERNAME'),
'dbuser' => getenv('DB_USER'),
'dbpassword' => getenv('DB_PASSWORD'),
);
\ No newline at end of file
);
#!/bin/sh
set -eu
echo "New nextcloud instance"
if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
# shellcheck disable=SC2016
......@@ -14,20 +17,15 @@ if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ];
fi
install=false
if [ -n "${SQLITE_DATABASE+x}" ]; then
if [ ${DB_TYPE} = "sqlite" ]; then
echo "Installing with SQLite database"
# shellcheck disable=SC2016
install_options=$install_options' --database-name "$SQLITE_DATABASE"'
install=true
elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
echo "Installing with MySQL database"
# shellcheck disable=SC2016
install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
install_options=$install_options' --database-name "$DB_NAME"'
install=true
elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
echo "Installing with PostgreSQL database"
elif [ ${DB_TYPE} = "pgsql" ] || [ ${DB_TYPE} = "mysql" ]; then
echo "Installing with ${DB_TYPE} database"
# shellcheck disable=SC2016
install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
install_options=$install_options' --database $DB_TYPE --database-name "$DB_NAME" --database-user "$DB_USER" --database-pass "$DB_PASSWORD" --database-host "$DB_HOST"'
install=true
fi
......@@ -48,27 +46,27 @@ if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ];
exit 1
fi
if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
echo "setting trusted domains…"
NC_TRUSTED_DOMAIN_IDX=1
for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
sh -c "php /usr/src/nextcloud/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
done
fi
# if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
# echo "setting trusted domains…"
# NC_TRUSTED_DOMAIN_IDX=1
# for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
# DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
# sh -c "php /usr/src/nextcloud/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
# NC_TRUSTED_DOMAIN_IDX=$(($NC_TRUSTED_DOMAIN_IDX+1))
# done
# fi
for app in $(cat /usr/src/nextcloud/config/apps_enable); do
app=$(echo $app| cut -d '=' -f1)
echo "enabling app $app"
sh -c "php /usr/src/nextcloud/occ app:enable $app"
done
# for app in $(cat /usr/src/nextcloud/config/apps_enable); do
# app=$(echo $app| cut -d '=' -f1)
# echo "enabling app $app"
# sh -c "php /usr/src/nextcloud/occ app:enable $app"
# done
for app in $(cat /usr/src/nextcloud/config/apps_disable); do
echo "disabling app $app"
sh -c "php /usr/src/nextcloud/occ app:disable $app"
done
fi
# for app in $(cat /usr/src/nextcloud/config/apps_disable); do
# echo "disabling app $app"
# sh -c "php /usr/src/nextcloud/occ app:disable $app"
# done
fi
else
echo "running web-based installer on first connect!"
......
#!/bin/sh
set -eu
for i in $(cat /usr/src/nextcloud/config/apps_enable)
do
app=$(echo $i | cut -d '=' -f1)
version=$(echo $i | cut -d '=' -f2)
url=$(echo $i | cut -d '=' -f3)
echo "downloading app $app"
curl -Ls $url -o $app.tar.gz
tar xzf $app.tar.gz
mv $app /usr/src/nextcloud/custom_apps
rm $app.tar.gz
done
\ No newline at end of file
#!/bin/sh
set -eu
for app in $(cat /usr/src/nextcloud/config/apps_remove)
do
echo "removing app $app"
rm -R /usr/src/nextcloud/apps/$app
done
\ No newline at end of file
#!/bin/sh
set -eu
echo "Starting nextcloud instance"
touch /usr/src/nextcloud/.ocdata
exec "$@"
#!/bin/sh
set -eu
echo "Upgrading nextcloud to $VERSION ..."
echo "Initializing nextcloud $image_version ..."
echo "Upgrading nextcloud from $installed_version ..."
sh -c 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
sh -c 'php /var/www/html/occ upgrade'
sh -c 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
echo "The following apps have been disabled:"
diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
rm -f /tmp/list_before /tmp/list_after
for i in $(cat apps_enable)
do
app=${i%=*}
sh -c "php /usr/src/app/nextcloud/occ app:enable $app"
done
echo "Upgrade finished"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment