diff --git a/Dockerfile b/Dockerfile
index 49b7d0e..47b9860 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,31 +1,76 @@ +FROM alpine:3.9 AS builder + +ENV NC_VERSION=15.0.5 +ENV NC_SHA256_SUM=4661869b797a340cd967abb3dbe6931b375434e0a44480346a27ccd73250b988 +RUN wget https://download.nextcloud.com/server/releases/nextcloud-$NC_VERSION.tar.bz2 +RUN echo "$NC_SHA256_SUM nextcloud-$NC_VERSION.tar.bz2" | sha256sum -c - || exit 1 +RUN mkdir -p /var/lib/nextcloud +RUN tar xjf nextcloud-$NC_VERSION.tar.bz2 -C /var/lib/nextcloud --strip 1 + +ENV TFA_VERSION=v2.1.2 +ENV TFA_SHA256_SUM=06bf8c01909c15efbe42b949532ba48a68adc9a275e43ede91249453a1ef468b +RUN wget https://github.com/nextcloud/twofactor_totp/releases/download/$TFA_VERSION/twofactor_totp.tar.gz +RUN echo "$TFA_SHA256_SUM twofactor_totp.tar.gz" | sha256sum -c - || exit 1 +RUN mkdir /var/lib/nextcloud/apps/twofactor_totp +RUN tar xzf twofactor_totp.tar.gz -C /var/lib/nextcloud/apps/twofactor_totp --strip 1 + +ENV U2F_VERSION=v2.1.2 +ENV U2F_SHA256_SUM=aad32baf2d8bc2cb48ef59370c138965388d37457b7a5799573500fdf026ecc2 +RUN wget https://github.com/nextcloud/twofactor_u2f/releases/download/$U2F_VERSION/twofactor_u2f.tar.gz +RUN echo "$U2F_SHA256_SUM twofactor_u2f.tar.gz" | sha256sum -c - || exit 1 +RUN mkdir /var/lib/nextcloud/apps/twofactor_u2f +RUN tar xzf twofactor_u2f.tar.gz -C /var/lib/nextcloud/apps/twofactor_u2f --strip 1 + +ENV POLLS_VERSION=v0.10.2 +ENV POLLS_SHA256_SUM=2c43324d4499ff9316d82acd4ea242828da04d21bc463b8cc436d2c7f2c8ed2b +RUN wget https://github.com/nextcloud/polls/releases/download/$POLLS_VERSION/polls.tar.gz +RUN echo "$POLLS_SHA256_SUM polls.tar.gz" | sha256sum -c - || exit 1 +RUN mkdir /var/lib/nextcloud/apps/polls +RUN tar xzf polls.tar.gz -C /var/lib/nextcloud/apps/polls --strip 1 + FROM thallian/php7-fpm:latest -ENV FPMUSER nginx -ENV FPMGROUP nginx +COPY --from=builder /var/lib/nextcloud /var/lib/nextcloud + +ENV FPMUSER=nginx +ENV FPMGROUP=nginx +ENV PHP_MEMORY_LIMIT=512M RUN apk add --no-cache \ nginx \ - nextcloud \ - nextcloud-user_ldap \ - nextcloud-files_sharing \ - 
nextcloud-files_texteditor \ - nextcloud-files_pdfviewer \ - nextcloud-files_videoplayer \ - nextcloud-theming \ - nextcloud-gallery \ - nextcloud-twofactor_backupcodes \ - nextcloud-pgsql \ + ffmpeg \ + php7-cli \ php7-opcache \ php7-pcntl \ - php7-imagick + php7-imagick \ + php7-ctype \ + php7-curl \ + php7-dom \ + php7-gd \ + php7-iconv \ + php7-xml \ + php7-json \ + php7-mbstring \ + php7-openssl \ + php7-posix \ + php7-session \ + php7-simplexml \ + php7-xmlreader \ + php7-xmlwriter \ + php7-zip \ + php7-zlib \ + php7-pdo_pgsql \ + php7-bz2 \ + php7-fileinfo \ + php7-intl \ + php7-exif \ + php7-ldap RUN chown -R nginx:nginx /var/lib/nextcloud -RUN chown -R nginx:nginx /etc/nextcloud -RUN chown -R nginx:nginx /usr/share/webapps/nextcloud RUN mkdir /run/nginx RUN rm /etc/nginx/conf.d/default.conf ADD /rootfs / -VOLUME [ "/var/lib/nextcloud/data", "/etc/nextcloud" ] +VOLUME [ "/var/lib/nextcloud/data", "/var/lib/nextcloud/config" ] diff --git a/README.md b/README.md index 494f430..16920a1 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ setting the app_path with occ. # Volumes - `/var/lib/nextcloud/data` -- `/etc/nextcloud/` +- `/var/lib/nextcloud/config` # Environment Variables ## DOMAIN diff --git a/rootfs/etc/confd/templates/nextcloud.conf.tmpl b/rootfs/etc/confd/templates/nextcloud.conf.tmpl index d9c89c2..de3cb1b 100644 --- a/rootfs/etc/confd/templates/nextcloud.conf.tmpl +++ b/rootfs/etc/confd/templates/nextcloud.conf.tmpl @@ -16,7 +16,7 @@ server { add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; - root /usr/share/webapps/nextcloud/; + root /var/lib/nextcloud/; location = /robots.txt { allow all; 
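Review bot: The runtime stage still starts from `FROM thallian/php7-fpm:latest`, so the version and SHA-256 pinning added in the builder stage covers only the Nextcloud and app tarballs. The PHP runtime and the unversioned `apk add` packages can still change from one build to the next. Pin the base image to a fixed tag and digest, for example `FROM thallian/php7-fpm:<tag>@sha256:<digest>` (placeholders; the published tags are not shown on this page). A comment above each `ENV *_SHA256_SUM` line, such as `# SHA-256 of the release tarball; update together with the matching *_VERSION`, would also make version bumps less error-prone.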
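Review bot: With `root /var/lib/nextcloud/;` the document root now contains both declared volumes, `/var/lib/nextcloud/data` and `/var/lib/nextcloud/config`, so files under them are addressable by URL unless the server block denies those paths. The deny rules are not visible in this hunk, since the server block continues outside it. Confirm the template carries something like `location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; }`, as in Nextcloud's reference nginx configuration. Keeping the data directory outside the web root would remove the dependence on that single rule.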
@@ -24,17 +24,17 @@ server { access_log off; } - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; } - - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; + + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; } - + client_max_body_size {{getenv "MAX_UPLOAD_SIZE"}}; fastcgi_buffers 64 4K; - + gzip on; gzip_vary on; gzip_comp_level 4; @@ -59,7 +59,7 @@ server { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; - + #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; diff --git a/rootfs/etc/cont-init.d/00-nextcloud b/rootfs/etc/cont-init.d/00-nextcloud index f4343c0..597ba83 100644 --- a/rootfs/etc/cont-init.d/00-nextcloud +++ b/rootfs/etc/cont-init.d/00-nextcloud 
@@ -1,35 +1,47 @@ #!/usr/bin/with-contenv sh set -ex -cd /usr/share/webapps/nextcloud +cd /var/lib/nextcloud +chmod +x ./occ if [ ! -f /var/lib/nextcloud/data/.installed ]; then s6-setuidgid nginx ./occ maintenance:install \ --database=pgsql \ - --database-host=$DB_HOST \ - --database-name=$DB_NAME \ - --database-user=$DB_USER \ - --database-pass=$DB_PASSWORD \ - --database-table-prefix=$DB_TABLE_PREFIX \ - --admin-user=$ADMIN_USER \ - --admin-pass=$ADMIN_PASSWORD \ + --database-host="$DB_HOST" \ + --database-name="$DB_NAME" \ + --database-user="$DB_USER" \ + --database-pass="$DB_PASSWORD" \ + --database-table-prefix="$DB_TABLE_PREFIX" \ + --admin-user="$ADMIN_USER" \ + --admin-pass="$ADMIN_PASSWORD" \ --data-dir=/var/lib/nextcloud/data/ \ --no-interaction - s6-setuidgid nginx ./occ config:app:set --value cron core backgroundjobs_mode - s6-setuidgid nginx ./occ app:enable user_ldap - s6-setuidgid nginx ./occ app:enable files_sharing - s6-setuidgid nginx ./occ app:enable files_texteditor - s6-setuidgid nginx ./occ app:enable files_pdfviewer - s6-setuidgid nginx ./occ app:enable files_videoplayer - s6-setuidgid nginx ./occ app:enable theming - s6-setuidgid nginx ./occ app:enable gallery - s6-setuidgid nginx ./occ app:enable twofactor_totp - s6-setuidgid nginx ./occ app:enable twofactor_backupcodes - touch /var/lib/nextcloud/data/.installed fi +s6-setuidgid nginx ./occ config:app:set --value cron core backgroundjobs_mode +s6-setuidgid nginx ./occ app:enable user_ldap +s6-setuidgid nginx ./occ app:enable files_sharing +s6-setuidgid nginx ./occ app:enable files_texteditor +s6-setuidgid nginx ./occ app:enable files_pdfviewer +s6-setuidgid nginx ./occ app:enable files_videoplayer +s6-setuidgid nginx ./occ app:enable theming +s6-setuidgid nginx ./occ app:enable gallery +s6-setuidgid nginx ./occ app:enable twofactor_totp +s6-setuidgid nginx ./occ app:enable twofactor_backupcodes +s6-setuidgid nginx ./occ app:enable twofactor_u2f +s6-setuidgid nginx ./occ app:enable polls 
+s6-setuidgid nginx ./occ app:disable activity +s6-setuidgid nginx ./occ app:disable comments +s6-setuidgid nginx ./occ app:disable files_trashbin +s6-setuidgid nginx ./occ app:disable firstrunwizard +s6-setuidgid nginx ./occ app:disable logreader +s6-setuidgid nginx ./occ app:disable password_policy +s6-setuidgid nginx ./occ app:disable support +s6-setuidgid nginx ./occ app:disable survey_client +s6-setuidgid nginx ./occ app:disable updatenotification + s6-setuidgid nginx ./occ config:system:set --value "https://$DOMAIN" overwrite.cli.url s6-setuidgid nginx ./occ config:system:set --value "localhost" trusted_domains 0 s6-setuidgid nginx ./occ config:system:set --value "$DOMAIN" trusted_domains 1 diff --git a/rootfs/etc/fix-attrs.d/01-nextcloud-data-dir b/rootfs/etc/fix-attrs.d/01-nextcloud-data-dir index 3f9c6f8..f545e9c 100644 --- a/rootfs/etc/fix-attrs.d/01-nextcloud-data-dir +++ b/rootfs/etc/fix-attrs.d/01-nextcloud-data-dir @@ -1,3 +1,2 @@ /var/lib/nextcloud/ true nginx 0640 0750 -/etc/nextcloud/ true nginx 0640 0750 -/usr/share/webapps/nextcloud/apps true nginx 0640 0750 +/var/lib/nextcloud/config true nginx 0640 0750
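Review bot: The script runs under `set -ex`, so the shell traces the `occ maintenance:install` command with `--database-pass="$DB_PASSWORD"` and `--admin-pass="$ADMIN_PASSWORD"` already expanded. That writes both secrets to the container log on first start, and the added quoting does not change it. Turn tracing off around the install, with `set +x` before the `if` and `set -x` after the `fi`, or drop `-x` from the `set` line. Separately, the `app:disable` list now runs on every start and includes `password_policy` and `updatenotification`. A comment stating why those two are off would show it is deliberate, because with `NC_VERSION` pinned in the Dockerfile nothing else in the image announces a security release.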
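Review bot: The added `/var/lib/nextcloud/config true nginx 0640 0750` entry is already covered by the recursive `/var/lib/nextcloud/` line above it, and after this commit that line spans the whole application tree. Together with `RUN chown -R nginx:nginx /var/lib/nextcloud` in the Dockerfile hunk, every core and app PHP file is owned by and writable for `nginx`, the account set as `FPMUSER`, so a file-write bug in the web application can alter the code it runs. The 0640 file mode is presumably also why the init script now needs `chmod +x ./occ`. Consider narrowing the entries to `/var/lib/nextcloud/data` and `/var/lib/nextcloud/config` and leaving the code root-owned. If in-place app installs are needed, `apps` would have to stay writable as well, which this page does not show.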