commit 8a24e3b792ff1f138f4aa31d06559e409e7ec4c7 Author: Sebastian Hugentobler Date: Wed Aug 31 14:55:12 2016 +0200 initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100755
index 0000000..93bfd12
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*~
+.DS_Store
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..3131497
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,47 @@
+FROM thallian/php7-fpm:latest
+
+RUN apk add --no-cache openssl tar nginx postgresql-client
+RUN apk add --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/community/ --allow-untrusted \
+ php7 \
+ php7-ctype \
+ php7-curl \
+ php7-dom \
+ php7-gd \
+ php7-iconv \
+ php7-json \
+ php7-ldap \
+ php7-xml \
+ php7-xmlreader \
+ php7-zlib \
+ php7-zip \
+ php7-pgsql \
+ php7-pdo_pgsql \
+ php7-openssl \
+ php7-ftp \
+ php7-session \
+ php7-mbstring \
+ php7-posix \
+ php7-pcntl \
+ php7-mcrypt \
+ php7-bz2 \
+ php7-exif \
+ php7-imap
+
+RUN apk add --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ --allow-untrusted \
+ php7-apcu
+
+RUN ln -s /usr/bin/php7 /usr/bin/php
+
+RUN mkdir /var/lib/nextcloud
+RUN wget -qO- https://download.nextcloud.com/server/releases/nextcloud-10.0.0.tar.bz2 | tar xj -C /var/lib/nextcloud --strip 1
+RUN chown -R nginx:nginx /var/lib/nextcloud
+RUN chmod +x /var/lib/nextcloud/occ
+
+RUN mkdir /run/nginx
+
+ADD /rootfs /
+
+ENV FPMUSER nginx
+ENV FPMGROUP nginx
+
+VOLUME /var/lib/nextcloud/data
diff --git a/rootfs/etc/confd/conf.d/config.php.toml b/rootfs/etc/confd/conf.d/config.php.toml
new file mode 100644
index 0000000..a465de0
--- /dev/null
+++ b/rootfs/etc/confd/conf.d/config.php.toml
@@ -0,0 +1,6 @@
+[template]
+src = "config.php.tmpl"
+dest = "/var/lib/nextcloud/config/config.php"
+gid = 101
+uid = 100
+mode = "0660"
diff --git a/rootfs/etc/confd/conf.d/nginx.conf.toml b/rootfs/etc/confd/conf.d/nginx.conf.toml
new file mode 100644
index 0000000..3e968ea
--- /dev/null
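Review bot: In the Dockerfile hunk, both `apk add --repository http://dl-3.alpinelinux.org/… --allow-untrusted` steps fetch packages over plain HTTP with signature checking switched off, so nothing authenticates the PHP packages that end up in the image. I would drop `--allow-untrusted` from both RUN lines so apk verifies the index against the keys in the base image (this assumes the base image ships the Alpine signing keys, which is not visible here) and point `--repository` at an HTTPS mirror. The same gap applies to `RUN wget -qO- …/nextcloud-10.0.0.tar.bz2 | tar xj …`, which unpacks the release without comparing it to a published checksum or signature; download it to a file and run `sha256sum -c` against a pinned digest before extracting. `FROM thallian/php7-fpm:latest` also leaves the base image unpinned, so a rebuild can silently pick up a different PHP runtime.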
+++ b/rootfs/etc/confd/conf.d/nginx.conf.toml
@@ -0,0 +1,3 @@
+[template]
+src = "nginx.conf.tmpl"
+dest = "/etc/nginx/nginx.conf"
diff --git a/rootfs/etc/confd/templates/config.php.tmpl b/rootfs/etc/confd/templates/config.php.tmpl
new file mode 100644
index 0000000..124ac9e
--- /dev/null
+++ b/rootfs/etc/confd/templates/config.php.tmpl
@@ -0,0 +1,64 @@
+
+ array (
+ '{{getenv "DOMAIN"}}'
+ ),
+"user_backends" => array (
+ 0 => array (
+ "class" => "OC_User_IMAP",
+ "arguments" => array (
+ 0 => '{{"{"}}{{getenv "IMAPAUTHHOST"}}{{"}"}}'
+ ),
+ ),
+ ),
+'datadirectory' => '/var/lib/nextcloud/data',
+
+'dbtype' => 'pgsql',
+'dbhost' => '{{getenv "DBHOST"}}',
+'dbname' => '{{getenv "DBNAME"}}',
+'dbuser' => '{{getenv "DBUSER"}}',
+'dbpassword' => '{{getenv "DBPASSWORD"}}',
+'dbtableprefix' => '{{getenv "DBTABLEPREFIX"}}',
+
+'skeletondirectory' => '',
+
+'mail_domain' => '{{getenv "MAILDOMAIN"}}',
+'mail_from_address' => '{{getenv "MAILFROM"}}',
+'mail_smtpdebug' => false,
+'mail_smtpmode' => 'smtp',
+'mail_smtphost' => '{{getenv "MAILSMTPHOST"}}',
+'mail_smtpport' => {{getenv "MAILSMTPPORT"}},
+'mail_smtptimeout' => 10,
+'mail_smtpsecure' => '{{getenv "MAILSMTPSECURITY"}}',
+'mail_smtpauth' => {{getenv "MAILSMTPAUTH"}},
+'mail_smtpauthtype' => '{{getenv "MAILSMTPAUTHTYPE"}}',
+'mail_smtpname' => '{{getenv "MAILSMTPNAME"}}',
+'mail_smtppassword' => '{{getenv "MAILSMTPPASSWORD"}}',
+
+'overwritehost' => '{{getenv "DOMAIN"}}',
+'overwriteprotocol' => 'https',
+'overwritewebroot' => '',
+'overwrite.cli.url' => 'https://{{getenv "DOMAIN"}}',
+
+'apps_paths' => array(
+ array(
+ 'path'=> '/var/lib/nextcloud/apps',
+ 'url' => '/apps',
+ 'writable' => true,
+ ),
+),
+
+'supportedDatabases' => array(
+ 'pgsql',
+),
+
+'memcache.local' => '\OC\Memcache\APCu',
+
+'assetdirectory' => '/var/lib/nextcloud',
+'mount_file' => '/var/lib/nextcloud/data/mount.json',
+'installed' => true,
+'version' => '9.0.52.0',
+);
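Review bot: In config.php.tmpl every `{{getenv …}}` value is pasted into a single-quoted PHP string with no escaping, so a `DBPASSWORD` or `MAILSMTPPASSWORD` that contains `'` or `\` yields a config.php that fails to parse or is read as additional PHP. `'mail_smtpport' => {{getenv "MAILSMTPPORT"}},` and `'mail_smtpauth' => {{getenv "MAILSMTPAUTH"}},` are emitted bare, so an unset variable leaves `=> ,` and breaks the whole file. Escape backslashes and single quotes before substitution (or have the init script reject such values), and give the two bare values a default. `'version' => '9.0.52.0'` also looks out of step with the 10.0.0 tarball the Dockerfile in this commit installs; worth confirming.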
diff --git a/rootfs/etc/confd/templates/nginx.conf.tmpl b/rootfs/etc/confd/templates/nginx.conf.tmpl
new file mode 100644
index 0000000..9d53605
--- /dev/null
+++ b/rootfs/etc/confd/templates/nginx.conf.tmpl
@@ -0,0 +1,106 @@
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ sendfile off;
+
+ keepalive_timeout 65;
+
+ gzip off;
+
+ upstream php {
+ server 127.0.0.1:9000;
+ }
+
+ server {
+ listen 80;
+
+ server_name {{getenv "DOMAIN"}};
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+
+ root /var/lib/nextcloud/;
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ location = /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ location /.well-known/acme-challenge { }
+
+ client_max_body_size {{getenv "MAXUPLOADSIZE"}};
+ fastcgi_buffers 64 4K;
+
+ error_page 403 /core/templates/403.php;
+ error_page 404 /core/templates/404.php;
+
+ location / {
+ rewrite ^ /index.php$uri;
+ }
+
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+ deny all;
+ }
+
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+ deny all;
+ }
+
+ location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
+ include fastcgi_params;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param HTTPS on;
+ #Avoid sending the security headers twice
+ fastcgi_param modHeadersAvailable true;
+ fastcgi_param front_controller_active true;
+ fastcgi_pass php;
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+ }
+
+ location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+ try_files $uri/ =404;
+ index index.php;
+ }
+
+ location ~* \.(?:css|js)$ {
+ try_files $uri /index.php$uri$is_args$args;
+ add_header Cache-Control "public, max-age=7200";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+ # Optional: Don't log access to assets
+ access_log off;
+ }
+
+ location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
+ try_files $uri /index.php$uri$is_args$args;
+ access_log off;
+ }
+ }
+}
\ No newline at end of file
diff --git a/rootfs/etc/cont-init.d/00-nextcloud b/rootfs/etc/cont-init.d/00-nextcloud
new file mode 100644
index 0000000..3cebf37
--- /dev/null
+++ b/rootfs/etc/cont-init.d/00-nextcloud
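Review bot: In nginx.conf.tmpl the two `.well-known` redirects use `return 301 $scheme://$host/remote.php/dav;`, but this server block only has `listen 80`, so `$scheme` is always `http` and CalDAV/CardDAV discovery is sent to a plaintext URL. The hard-coded `fastcgi_param HTTPS on;` in the same hunk suggests TLS is terminated by a proxy in front of the container; if that is the case, both lines should read `return 301 https://$host/remote.php/dav;`. If the container can also be reached directly on port 80, `HTTPS on` tells Nextcloud the connection is encrypted when it is not, so the proxy requirement deserves a comment next to `listen 80;`, for example `# TLS is terminated upstream; never expose this port directly`.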
@@ -0,0 +1,48 @@
+#!/usr/bin/with-contenv sh
+set -ex
+
+chmod +x /var/lib/nextcloud/occ # for some reason it doesn't work when done from the Dockerfile
+
+if [ ! -f /var/lib/nextcloud/data/.ocdata ]; then
+ touch /var/lib/nextcloud/data/.ocdata
+fi
+
+PGPASSWORD=$DBPASSWORD psql -h $DBHOST -U $DBUSER -d $DBNAME -c "SELECT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name = '${DBTABLEPREFIX}appconfig')" | grep f
+
+if [ $? -ne 1 ]; then
+ cd /var/lib/nextcloud
+
+ s6-setuidgid nginx ./occ maintenance:install \
+ --database=pgsql \
+ --database-host=$DBHOST \
+ --database-name=$DBNAME \
+ --database-user=$DBUSER \
+ --database-pass=$DBPASSWORD \
+ --database-table-prefix=$DBTABLEPREFIX \
+ --admin-user=$ADMINUSER \
+ --admin-pass=$ADMINPASSWORD \
+ --no-interaction
+
+ s6-setuidgid nginx ./occ config:app:set --value cron core backgroundjobs_mode
+ s6-setuidgid nginx ./occ app:enable user_ldap
+
+ s6-setuidgid nginx ./occ ldap:create-empty-config
+
+ s6-setuidgid nginx ./occ ldap:set-config '' hasMemberOfFilterSupport "1"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapHost "$LDAPHOST"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapPort "$LDAPPORT"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapTLS "$LDAPTLS"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapAgentName "$LDAPBINDUSER"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapAgentPassword "$LDAPBINDPASSWORD"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapLoginFilter "$LDAPLOGINFILTER"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapUserDisplayName "$LDAPUSERDISPLAYNAME"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapUserFilter "$LDAPUSERFILTER"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapBase "$LDAPBASEDN"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapBaseUsers "$LDAPBASEUSERDN"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapEmailAttribute "$LDAPEMAILATTRIBUTE"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapBaseGroups "$LDAPBASEGROUPDN"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapGroupFilter "$LDAPGROUPFILTER"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapExpertUsernameAttr "$LDAPUSERNAMEATTRIBUTE"
+ s6-setuidgid nginx ./occ ldap:set-config '' turnOffCertCheck "$LDAPTURNOFFCERTCHECK"
+ s6-setuidgid nginx ./occ ldap:set-config '' ldapConfigurationActive "1"
+fi
diff --git a/rootfs/etc/fix-attrs.d/01-nextcloud-data-dir b/rootfs/etc/fix-attrs.d/01-nextcloud-data-dir
new file mode 100644
index 0000000..1937a85
--- /dev/null
+++ b/rootfs/etc/fix-attrs.d/01-nextcloud-data-dir
@@ -0,0 +1 @@
+/var/lib/nextcloud/ true nginx 0640 0750
diff --git a/rootfs/etc/services.d/crond/run b/rootfs/etc/services.d/crond/run
new file mode 100644
index 0000000..160060e
--- /dev/null
+++ b/rootfs/etc/services.d/crond/run
@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv sh
+
+exec crond -f
diff --git a/rootfs/etc/services.d/nginx/run b/rootfs/etc/services.d/nginx/run
new file mode 100644
index 0000000..807d20a
--- /dev/null
+++ b/rootfs/etc/services.d/nginx/run
@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv sh
+
+exec nginx -g "daemon off;"
diff --git a/rootfs/var/spool/cron/crontabs/nginx b/rootfs/var/spool/cron/crontabs/nginx
new file mode 100644
index 0000000..4fa2c27
--- /dev/null
+++ b/rootfs/var/spool/cron/crontabs/nginx
@@ -0,0 +1 @@
+*/15 * * * * php -f /var/lib/nextcloud/cron.php
\ No newline at end of file
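Review bot: In rootfs/etc/cont-init.d/00-nextcloud, `set -ex` traces every command to the container log with variables expanded, which writes `--database-pass=$DBPASSWORD`, `--admin-pass=$ADMINPASSWORD` and `ldapAgentPassword "$LDAPBINDPASSWORD"` out in clear text; use `set -e` so the credentials stay out of the logs. With `-e` active, the bare `psql … | grep f` line also aborts the script whenever grep finds no match, so the following `if [ $? -ne 1 ]` never sees that status; fold the check into the condition as `if PGPASSWORD="$DBPASSWORD" psql … | grep -q f; then`. The unquoted `$DBPASSWORD`, `$ADMINUSER` and `$ADMINPASSWORD` arguments to `maintenance:install` word-split on spaces and should be double-quoted like the LDAP values further down.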