From 301dffdcc4b16d08cf86df61cb7fef41a76fc865 Mon Sep 17 00:00:00 2001 From: aptalca Date: Sun, 5 Jun 2022 12:55:50 -0400 Subject: [PATCH] bring in line with latest tag --- .github/workflows/external_trigger.yml | 2 +- Dockerfile | 7 ++--- Dockerfile.aarch64 | 7 ++--- Dockerfile.armhf | 7 ++--- Jenkinsfile | 2 +- README.md | 1 + jenkins-vars.yml | 2 +- readme-vars.yml | 1 + root/defaults/default | 37 +++++++++++++++++++------- 9 files changed, 45 insertions(+), 21 deletions(-) diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index 80ee945..1ebdfa6 100755 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -18,7 +18,7 @@ jobs: fi echo "**** External trigger running off of php8 branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_NEXTCLOUD_PHP8\". ****" echo "**** Retrieving external version ****" - EXT_RELEASE=$(curl -s https://raw.githubusercontent.com/nextcloud/nextcloud.com/master/strings.php | awk -F\' '/VERSIONS_SERVER_FULL_STABLE/ {print $2;exit}') + EXT_RELEASE=$(curl -u ${{ secrets.CR_USER }}:${{ secrets.CR_PAT }} -sX GET https://api.github.com/repos/nextcloud/server/releases/latest | jq -r '. | .tag_name' | sed 's|^v||') if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then echo "**** Can't retrieve external version, exiting ****" FAILURE_REASON="Can't retrieve external version for nextcloud branch php8" diff --git a/Dockerfile b/Dockerfile index a39f57c..74cccab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -80,7 +80,7 @@ RUN \ echo 'apc.enable_cli=1' >> /etc/php8/conf.d/apcu.ini && \ sed -i \ -e 's/;opcache.enable.*=.*/opcache.enable=1/g' \ - -e 's/;opcache.interned_strings_buffer.*=.*/opcache.interned_strings_buffer=8/g' \ + -e 's/;opcache.interned_strings_buffer.*=.*/opcache.interned_strings_buffer=16/g' \ -e 's/;opcache.max_accelerated_files.*=.*/opcache.max_accelerated_files=10000/g' \ -e 's/;opcache.memory_consumption.*=.*/opcache.memory_consumption=128/g' \ -e 's/;opcache.save_comments.*=.*/opcache.save_comments=1/g' \ @@ -97,8 +97,9 @@ RUN \ echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php8/php-fpm.conf && \ echo "**** set version tag ****" && \ if [ -z ${NEXTCLOUD_RELEASE+x} ]; then \ - NEXTCLOUD_RELEASE=$(curl -s https://raw.githubusercontent.com/nextcloud/nextcloud.com/master/strings.php \ - | awk -F\' '/VERSIONS_SERVER_FULL_STABLE/ {print $2;exit}'); \ + NEXTCLOUD_RELEASE=$(curl -sX GET https://api.github.com/repos/nextcloud/server/releases/latest \ + | awk '/tag_name/{print $4;exit}' FS='[""]' \ + | sed 's|^v||'); \ fi && \ echo "**** download nextcloud ****" && \ curl -o /app/nextcloud.tar.bz2 -L \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index b8393e9..fbdb866 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -80,7 +80,7 @@ RUN \ echo 'apc.enable_cli=1' >> /etc/php8/conf.d/apcu.ini && \ sed -i \ -e 's/;opcache.enable.*=.*/opcache.enable=1/g' \ - -e 's/;opcache.interned_strings_buffer.*=.*/opcache.interned_strings_buffer=8/g' \ + -e 's/;opcache.interned_strings_buffer.*=.*/opcache.interned_strings_buffer=16/g' \ -e 's/;opcache.max_accelerated_files.*=.*/opcache.max_accelerated_files=10000/g' \ -e 's/;opcache.memory_consumption.*=.*/opcache.memory_consumption=128/g' \ -e 's/;opcache.save_comments.*=.*/opcache.save_comments=1/g' \ @@ -97,8 +97,9 @@ RUN \ echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php8/php-fpm.conf && \ echo "**** set version tag ****" && \ if [ -z ${NEXTCLOUD_RELEASE+x} ]; then \ - NEXTCLOUD_RELEASE=$(curl -s https://raw.githubusercontent.com/nextcloud/nextcloud.com/master/strings.php \ - | awk -F\' '/VERSIONS_SERVER_FULL_STABLE/ {print $2;exit}'); \ + NEXTCLOUD_RELEASE=$(curl -sX GET https://api.github.com/repos/nextcloud/server/releases/latest \ + | awk '/tag_name/{print $4;exit}' FS='[""]' \ + | sed 's|^v||'); \ fi && \ echo "**** download nextcloud ****" && \ curl -o /app/nextcloud.tar.bz2 -L \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 751b5f6..d9d89ce 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -80,7 +80,7 @@ RUN \ echo 'apc.enable_cli=1' >> /etc/php8/conf.d/apcu.ini && \ sed -i \ -e 's/;opcache.enable.*=.*/opcache.enable=1/g' \ - -e 's/;opcache.interned_strings_buffer.*=.*/opcache.interned_strings_buffer=8/g' \ + -e 's/;opcache.interned_strings_buffer.*=.*/opcache.interned_strings_buffer=168/g' \ -e 's/;opcache.max_accelerated_files.*=.*/opcache.max_accelerated_files=10000/g' \ -e 's/;opcache.memory_consumption.*=.*/opcache.memory_consumption=128/g' \ -e 's/;opcache.save_comments.*=.*/opcache.save_comments=1/g' \ @@ -97,8 +97,9 @@ RUN \ echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php8/php-fpm.conf && \ echo "**** set version tag ****" && \ if [ -z ${NEXTCLOUD_RELEASE+x} ]; then \ - NEXTCLOUD_RELEASE=$(curl -s https://raw.githubusercontent.com/nextcloud/nextcloud.com/master/strings.php \ - | awk -F\' '/VERSIONS_SERVER_FULL_STABLE/ {print $2;exit}'); \ + NEXTCLOUD_RELEASE=$(curl -sX GET https://api.github.com/repos/nextcloud/server/releases/latest \ + | awk '/tag_name/{print $4;exit}' FS='[""]' \ + | sed 's|^v||'); \ fi && \ echo "**** download nextcloud ****" && \ curl -o /app/nextcloud.tar.bz2 -L \ diff --git a/Jenkinsfile b/Jenkinsfile index 1bb7cb9..4cf6995 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -104,7 +104,7 @@ pipeline { steps{ script{ env.EXT_RELEASE = sh( - script: ''' curl -s https://raw.githubusercontent.com/nextcloud/nextcloud.com/master/strings.php | awk -F\\' '/VERSIONS_SERVER_FULL_STABLE/ {print $2;exit}' ''', + script: ''' curl -sX GET https://api.github.com/repos/nextcloud/server/releases/latest | jq -r '. | .tag_name' | sed 's|^v||' ''', returnStdout: true).trim() env.RELEASE_LINK = 'custom_command' } diff --git a/README.md b/README.md index 8c206c6..4a7f300 100644 --- a/README.md +++ b/README.md @@ -248,6 +248,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **05.06.22:** - Bring `php8` tag in line with `latest`. * **24.06.21:** - Rebase to alpine 3.14. * **01.04.21:** - Fix crontab during upgrade from php7. * **16.03.21:** - Rebase on the php8 nginx baseimage. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index aceef45..4cfde02 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -3,7 +3,7 @@ # jenkins variables project_name: docker-nextcloud external_type: na -custom_version_command: "curl -s https://raw.githubusercontent.com/nextcloud/nextcloud.com/master/strings.php | awk -F\\\\' '/VERSIONS_SERVER_FULL_STABLE/ {print $2;exit}'" +custom_version_command: "curl -sX GET https://api.github.com/repos/nextcloud/server/releases/latest | jq -r '. | .tag_name' | sed 's|^v||'" release_type: prerelease release_tag: php8 ls_branch: php8 diff --git a/readme-vars.yml b/readme-vars.yml index a40cff5..dbd886f 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -75,6 +75,7 @@ app_setup_block: | # changelog changelogs: + - { date: "05.06.22:", desc: "Bring `php8` tag in line with `latest`." } - { date: "24.06.21:", desc: "Rebase to alpine 3.14." } - { date: "01.04.21:", desc: "Fix crontab during upgrade from php7." } - { date: "16.03.21:", desc: "Rebase on the php8 nginx baseimage." } diff --git a/root/defaults/default b/root/defaults/default index 44681b8..7506b8a 100644 --- a/root/defaults/default +++ b/root/defaults/default @@ -27,6 +27,7 @@ server { # set max upload size client_max_body_size 512M; + client_body_timeout 300s; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers @@ -35,7 +36,7 @@ server { gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # HTTP response headers borrowed from Nextcloud `.htaccess` add_header Referrer-Policy "no-referrer" always; @@ -85,25 +86,32 @@ server { # `location ~ /(\.|autotest|...)` which would otherwise handle requests # for `/.well-known`. location ^~ /.well-known { - # The following 6 rules are borrowed from `.htaccess` + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - # Anything else is dynamically handled by Nextcloud - location ^~ /.well-known { return 301 /index.php$uri; } + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } - try_files $uri $uri/ =404; + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; } # Rules borrowed from `.htaccess` to hide certain paths from clients location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } # Ensure this block, which passes PHP files to the PHP process, is above the blocks # which handle static assets (as seen below). If this block is not declared first, # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { + # Required for legacy support + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; @@ -120,12 +128,18 @@ server { fastcgi_intercept_errors on; fastcgi_request_buffering off; + + fastcgi_max_temp_file_size 0; } - location ~ \.(?:css|js|svg|gif)$ { + location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ { try_files $uri /index.php$request_uri; expires 6M; # Cache-Control policy borrowed from `.htaccess` access_log off; # Optional: Don't log access to assets + + location ~ \.wasm$ { + default_type application/wasm; + } } location ~ \.woff2?$ { @@ -134,6 +148,11 @@ server { access_log off; # Optional: Don't log access to assets } + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + location / { try_files $uri $uri/ /index.php$request_uri; }