diff --git a/Dockerfile b/Dockerfile index d429c6e..71f0fa3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.14 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15 # set version label ARG BUILD_DATE @@ -12,18 +12,6 @@ ENV NEXTCLOUD_PATH="/config/www/nextcloud" \ LD_PRELOAD="/usr/lib/preloadable_libiconv.so" RUN \ - echo "**** install build packages ****" && \ - apk add --no-cache --virtual=build-dependencies --upgrade \ - autoconf \ - automake \ - file \ - g++ \ - gcc \ - make \ - php7-dev \ - re2c \ - samba-dev \ - zlib-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ curl \ @@ -31,52 +19,46 @@ RUN \ gnu-libiconv \ imagemagick \ libxml2 \ - php7-apcu \ - php7-bcmath \ - php7-bz2 \ - php7-ctype \ - php7-curl \ - php7-dom \ - php7-exif \ - php7-fileinfo \ - php7-ftp \ - php7-gd \ - php7-gmp \ - php7-iconv \ - php7-imagick \ - php7-imap \ - php7-intl \ - php7-ldap \ - php7-mcrypt \ - php7-memcached \ - php7-opcache \ - php7-pcntl \ - php7-pdo_mysql \ - php7-pdo_pgsql \ - php7-pdo_sqlite \ - php7-pgsql \ - php7-phar \ - php7-posix \ - php7-redis \ - php7-sodium \ - php7-sqlite3 \ - php7-xmlreader \ - php7-zip \ + php8-apcu \ + php8-bcmath \ + php8-bz2 \ + php8-ctype \ + php8-curl \ + php8-dom \ + php8-exif \ + php8-fileinfo \ + php8-ftp \ + php8-gd \ + php8-gmp \ + php8-iconv \ + php8-imap \ + php8-intl \ + php8-ldap \ + php8-opcache \ + php8-pcntl \ + php8-pdo_mysql \ + php8-pdo_pgsql \ + php8-pdo_sqlite \ + php8-pecl-imagick \ + php8-pecl-mcrypt \ + php8-pecl-memcached \ + php8-pgsql \ + php8-phar \ + php8-posix \ + php8-redis \ + php8-sodium \ + php8-sqlite3 \ + php8-xmlreader \ + php8-zip \ samba-client \ sudo \ tar \ unzip && \ - echo "**** compile smbclient ****" && \ - git clone https://github.com/eduardok/libsmbclient-php.git /tmp/smbclient && \ - cd /tmp/smbclient && \ - phpize7 && \ - ./configure \ - --with-php-config=/usr/bin/php-config7 && \ - make && \ - make install && \ + apk add --no-cache \ + --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php8-pecl-smbclient && \ echo "**** configure php and nginx for nextcloud ****" && \ - echo "extension="smbclient.so"" > /etc/php7/conf.d/00_smbclient.ini && \ - echo 'apc.enable_cli=1' >> /etc/php7/conf.d/apcu.ini && \ + echo 'apc.enable_cli=1' >> /etc/php8/conf.d/apcu.ini && \ sed -i \ -e 's/;opcache.enable.*=.*/opcache.enable=1/g' \ -e 's/;opcache.interned_strings_buffer.*=.*/opcache.interned_strings_buffer=16/g' \ @@ -89,11 +71,11 @@ RUN \ -e 's/max_execution_time.*=.*30/max_execution_time=120/g' \ -e 's/upload_max_filesize.*=.*2M/upload_max_filesize=1024M/g' \ -e 's/post_max_size.*=.*8M/post_max_size=1024M/g' \ - /etc/php7/php.ini && \ + /etc/php8/php.ini && \ sed -i \ '/opcache.enable=1/a opcache.enable_cli=1' \ - /etc/php7/php.ini && \ - echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php7/php-fpm.conf && \ + /etc/php8/php.ini && \ + echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php8/php-fpm.conf && \ echo "**** set version tag ****" && \ if [ -z ${NEXTCLOUD_RELEASE+x} ]; then \ NEXTCLOUD_RELEASE=$(curl -sX GET https://api.github.com/repos/nextcloud/server/releases/latest \ @@ -107,8 +89,6 @@ RUN \ tar xvf /app/nextcloud.tar.bz2 -C \ /tmp && \ echo "**** cleanup ****" && \ - apk del --purge \ - build-dependencies && \ rm -rf \ /tmp/* @@ -117,4 +97,3 @@ COPY root/ / # ports and volumes EXPOSE 443 -VOLUME /config /data diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index ed93a65..5d5ca74 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.14 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15 # set version label ARG BUILD_DATE @@ -12,18 +12,6 @@ ENV NEXTCLOUD_PATH="/config/www/nextcloud" \ LD_PRELOAD="/usr/lib/preloadable_libiconv.so" RUN \ - echo "**** install build packages ****" && \ - apk add --no-cache --virtual=build-dependencies --upgrade \ - autoconf \ - automake \ - file \ - g++ \ - gcc \ - make \ - php7-dev \ - re2c \ - samba-dev \ - zlib-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ curl \ @@ -31,52 +19,46 @@ RUN \ gnu-libiconv \ imagemagick \ libxml2 \ - php7-apcu \ - php7-bcmath \ - php7-bz2 \ - php7-ctype \ - php7-curl \ - php7-dom \ - php7-exif \ - php7-fileinfo \ - php7-ftp \ - php7-gd \ - php7-gmp \ - php7-iconv \ - php7-imagick \ - php7-imap \ - php7-intl \ - php7-ldap \ - php7-mcrypt \ - php7-memcached \ - php7-opcache \ - php7-pcntl \ - php7-pdo_mysql \ - php7-pdo_pgsql \ - php7-pdo_sqlite \ - php7-pgsql \ - php7-phar \ - php7-posix \ - php7-redis \ - php7-sodium \ - php7-sqlite3 \ - php7-xmlreader \ - php7-zip \ + php8-apcu \ + php8-bcmath \ + php8-bz2 \ + php8-ctype \ + php8-curl \ + php8-dom \ + php8-exif \ + php8-fileinfo \ + php8-ftp \ + php8-gd \ + php8-gmp \ + php8-iconv \ + php8-imap \ + php8-intl \ + php8-ldap \ + php8-opcache \ + php8-pcntl \ + php8-pdo_mysql \ + php8-pdo_pgsql \ + php8-pdo_sqlite \ + php8-pecl-imagick \ + php8-pecl-mcrypt \ + php8-pecl-memcached \ + php8-pgsql \ + php8-phar \ + php8-posix \ + php8-redis \ + php8-sodium \ + php8-sqlite3 \ + php8-xmlreader \ + php8-zip \ samba-client \ sudo \ tar \ unzip && \ - echo "**** compile smbclient ****" && \ - git clone https://github.com/eduardok/libsmbclient-php.git /tmp/smbclient && \ - cd /tmp/smbclient && \ - phpize7 && \ - ./configure \ - --with-php-config=/usr/bin/php-config7 && \ - make && \ - make install && \ + apk add --no-cache \ + --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php8-pecl-smbclient && \ echo "**** configure php and nginx for nextcloud ****" && \ - echo "extension="smbclient.so"" > /etc/php7/conf.d/00_smbclient.ini && \ - echo 'apc.enable_cli=1' >> /etc/php7/conf.d/apcu.ini && \ + echo 'apc.enable_cli=1' >> /etc/php8/conf.d/apcu.ini && \ sed -i \ -e 's/;opcache.enable.*=.*/opcache.enable=1/g' \ -e 's/;opcache.interned_strings_buffer.*=.*/opcache.interned_strings_buffer=16/g' \ @@ -89,11 +71,11 @@ RUN \ -e 's/max_execution_time.*=.*30/max_execution_time=120/g' \ -e 's/upload_max_filesize.*=.*2M/upload_max_filesize=1024M/g' \ -e 's/post_max_size.*=.*8M/post_max_size=1024M/g' \ - /etc/php7/php.ini && \ + /etc/php8/php.ini && \ sed -i \ '/opcache.enable=1/a opcache.enable_cli=1' \ - /etc/php7/php.ini && \ - echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php7/php-fpm.conf && \ + /etc/php8/php.ini && \ + echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php8/php-fpm.conf && \ echo "**** set version tag ****" && \ if [ -z ${NEXTCLOUD_RELEASE+x} ]; then \ NEXTCLOUD_RELEASE=$(curl -sX GET https://api.github.com/repos/nextcloud/server/releases/latest \ @@ -107,8 +89,6 @@ RUN \ tar xvf /app/nextcloud.tar.bz2 -C \ /tmp && \ echo "**** cleanup ****" && \ - apk del --purge \ - build-dependencies && \ rm -rf \ /tmp/* @@ -117,4 +97,3 @@ COPY root/ / # ports and volumes EXPOSE 443 -VOLUME /config /data diff --git a/Dockerfile.armhf b/Dockerfile.armhf index df8c08c..db3bcfe 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.14 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15 # set version label ARG BUILD_DATE @@ -12,18 +12,6 @@ ENV NEXTCLOUD_PATH="/config/www/nextcloud" \ LD_PRELOAD="/usr/lib/preloadable_libiconv.so" RUN \ - echo "**** install build packages ****" && \ - apk add --no-cache --virtual=build-dependencies --upgrade \ - autoconf \ - automake \ - file \ - g++ \ - gcc \ - make \ - php7-dev \ - re2c \ - samba-dev \ - zlib-dev && \ echo "**** install runtime packages ****" && \ apk add --no-cache --upgrade \ curl \ @@ -31,52 +19,46 @@ RUN \ gnu-libiconv \ imagemagick \ libxml2 \ - php7-apcu \ - php7-bcmath \ - php7-bz2 \ - php7-ctype \ - php7-curl \ - php7-dom \ - php7-exif \ - php7-fileinfo \ - php7-ftp \ - php7-gd \ - php7-gmp \ - php7-iconv \ - php7-imagick \ - php7-imap \ - php7-intl \ - php7-ldap \ - php7-mcrypt \ - php7-memcached \ - php7-opcache \ - php7-pcntl \ - php7-pdo_mysql \ - php7-pdo_pgsql \ - php7-pdo_sqlite \ - php7-pgsql \ - php7-phar \ - php7-posix \ - php7-redis \ - php7-sodium \ - php7-sqlite3 \ - php7-xmlreader \ - php7-zip \ + php8-apcu \ + php8-bcmath \ + php8-bz2 \ + php8-ctype \ + php8-curl \ + php8-dom \ + php8-exif \ + php8-fileinfo \ + php8-ftp \ + php8-gd \ + php8-gmp \ + php8-iconv \ + php8-imap \ + php8-intl \ + php8-ldap \ + php8-opcache \ + php8-pcntl \ + php8-pdo_mysql \ + php8-pdo_pgsql \ + php8-pdo_sqlite \ + php8-pecl-imagick \ + php8-pecl-mcrypt \ + php8-pecl-memcached \ + php8-pgsql \ + php8-phar \ + php8-posix \ + php8-redis \ + php8-sodium \ + php8-sqlite3 \ + php8-xmlreader \ + php8-zip \ samba-client \ sudo \ tar \ unzip && \ - echo "**** compile smbclient ****" && \ - git clone https://github.com/eduardok/libsmbclient-php.git /tmp/smbclient && \ - cd /tmp/smbclient && \ - phpize7 && \ - ./configure \ - --with-php-config=/usr/bin/php-config7 && \ - make && \ - make install && \ + apk add --no-cache \ + --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \ + php8-pecl-smbclient && \ echo "**** configure php and nginx for nextcloud ****" && \ - echo "extension="smbclient.so"" > /etc/php7/conf.d/00_smbclient.ini && \ - echo 'apc.enable_cli=1' >> /etc/php7/conf.d/apcu.ini && \ + echo 'apc.enable_cli=1' >> /etc/php8/conf.d/apcu.ini && \ sed -i \ -e 's/;opcache.enable.*=.*/opcache.enable=1/g' \ -e 's/;opcache.interned_strings_buffer.*=.*/opcache.interned_strings_buffer=16/g' \ @@ -89,11 +71,11 @@ RUN \ -e 's/max_execution_time.*=.*30/max_execution_time=120/g' \ -e 's/upload_max_filesize.*=.*2M/upload_max_filesize=1024M/g' \ -e 's/post_max_size.*=.*8M/post_max_size=1024M/g' \ - /etc/php7/php.ini && \ + /etc/php8/php.ini && \ sed -i \ '/opcache.enable=1/a opcache.enable_cli=1' \ - /etc/php7/php.ini && \ - echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php7/php-fpm.conf && \ + /etc/php8/php.ini && \ + echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php8/php-fpm.conf && \ echo "**** set version tag ****" && \ if [ -z ${NEXTCLOUD_RELEASE+x} ]; then \ NEXTCLOUD_RELEASE=$(curl -sX GET https://api.github.com/repos/nextcloud/server/releases/latest \ @@ -107,8 +89,6 @@ RUN \ tar xvf /app/nextcloud.tar.bz2 -C \ /tmp && \ echo "**** cleanup ****" && \ - apk del --purge \ - build-dependencies && \ rm -rf \ /tmp/* @@ -117,4 +97,3 @@ COPY root/ / # ports and volumes EXPOSE 443 -VOLUME /config /data diff --git a/README.md b/README.md index adec5c7..df3cb6f 100644 --- a/README.md +++ b/README.md @@ -66,8 +66,7 @@ This image provides various versions that are available via tags. Please read th | Tag | Available | Description | | :----: | :----: |--- | -| latest | ✅ | Stable Nextcloud releases (currently php7) | -| php8 | ✅ | Experimental php8 based Nextcloud releases | +| latest | ✅ | Stable Nextcloud releases | ## Application Setup @@ -257,25 +256,26 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **20.08.22:** - Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base)). * **21.05.22:** - Update version check endpoint. * **28.04.22:** - Increase OPCache interned strings buffered setting to 16. * **14.04.22:** - Nginx default site config updated for v23 (existing users should delete `/config/nginx/site-confs/default` and restart the container). Fix LDAP connection. * **11.09.21:** - Rebasing to alpine 3.14 * **21.03.21:** - Publish `php8` tag for testing. -* **25.02.21:** - Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default` and restart the container). +* **25.02.21:** - Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container). * **21.01.21:** - Fix php iconv (was breaking the mail addon). If installed, attempt to remove broken CODE Server app during startup. -* **20.01.21:** - Increase php fcgi timeout to prevent 504 Gateway timeout errors (existing users should delete `/config/nginx/site-confs/default` and restart the container). +* **20.01.21:** - Increase php fcgi timeout to prevent 504 Gateway timeout errors (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container). * **16.01.21:** - Rebasing to alpine 3.13. Users with issues on 32-bit arm, [see this article](https://docs.linuxserver.io/faq#my-host-is-incompatible-with-images-based-on-ubuntu-focal-and-alpine-3-13). -* **12.08.20:** - Various updates to default site config, including added support for webfinger (existing users should delete `/config/nginx/site-confs/default` and restart the container). +* **12.08.20:** - Various updates to default site config, including added support for webfinger (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container). * **03.06.20:** - Rebasing to alpine 3.12 * **03.06.20:** - Add php7-bcmath and php7-fileinfo * **31.05.20:** - Add aliases for occ and updater.phar * **31.03.20:** - Allow crontab to be user customized, fix logrotate. -* **17.01.20:** - Updated php.ini defaults and site config, including an optional HSTS directive (existing users should delete `/config/nginx/site-confs/default` and restart the container). +* **17.01.20:** - Updated php.ini defaults and site config, including an optional HSTS directive (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container). * **19.12.19:** - Rebasing to alpine 3.11. -* **18.11.19:** - Nginx default site config updated for v17 (existing users should delete `/config/nginx/site-confs/default` and restart the container). +* **18.11.19:** - Nginx default site config updated for v17 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container). * **28.10.19:** - Change cronjob to run every 5 minutes. -* **24.10.19:** - Nginx default site config updated due to CVE-2019-11043 (existing users should delete `/config/nginx/site-confs/default` and restart the container). +* **24.10.19:** - Nginx default site config updated due to CVE-2019-11043 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container). * **14.07.19:** - Download nextcloud during build time. * **28.06.19:** - Rebasing to alpine 3.10. * **23.03.19:** - Switching to new Base images, shift to arm32v7 tag. diff --git a/package_versions.txt b/package_versions.txt index 2147b08..dfb5775 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -2,7 +2,7 @@ alpine-baselayout-3.2.0-r16 alpine-keys-2.4-r0 alsa-lib-1.2.5-r2 aom-libs-1.0.0-r3 -apache2-utils-2.4.54-r0 +apache2-utils-2.4.51-r0 apk-tools-2.12.7-r0 apr-1.7.0-r1 apr-util-1.6.1-r7 @@ -10,7 +10,7 @@ argon2-libs-20190702-r1 avahi-libs-0.8-r5 bash-5.1.16-r0 brotli-libs-1.0.9-r5 -busybox-1.33.1-r8 +busybox-1.33.1-r6 c-client-2007f-r11 ca-certificates-20220614-r0 ca-certificates-bundle-20220614-r0 @@ -20,7 +20,7 @@ coreutils-8.32-r2 cups-libs-2.3.3-r3 curl-7.79.1-r2 dbus-libs-1.12.20-r2 -expat-2.4.7-r0 +expat-2.4.1-r0 ffmpeg-4.4.1-r0 ffmpeg-libs-4.4.1-r0 fontconfig-2.13.1-r4 @@ -37,18 +37,18 @@ gnutls-3.7.1-r1 graphite2-1.3.14-r0 harfbuzz-2.8.1-r0 icu-libs-67.1-r2 -imagemagick-7.0.11.14-r1 -imagemagick-libs-7.0.11.14-r1 +imagemagick-7.0.11.14-r0 +imagemagick-libs-7.0.11.14-r0 jansson-2.13.1-r0 jbig2dec-0.19-r0 lame-3.100-r0 lcms2-2.12-r1 ldb-2.3.3-r0 libacl-2.2.53-r0 -libarchive-3.5.3-r0 +libarchive-3.5.2-r0 libass-0.15.1-r0 libattr-2.5.1-r0 -libblkid-2.37.4-r0 +libblkid-2.37.2-r0 libbsd-0.11.3-r0 libbz2-1.0.8-r1 libc-utils-0.7.2-r3 @@ -72,11 +72,11 @@ libmagic-5.40-r1 libmcrypt-2.5.8-r9 libmd-1.0.3-r0 libmemcached-libs-1.0.18-r4 -libmount-2.37.4-r0 +libmount-2.37.2-r0 libogg-1.3.5-r0 libpciaccess-0.16-r0 libpng-1.6.37-r1 -libpq-13.7-r0 +libpq-13.5-r0 libproc-3.3.17-r0 libressl3.3-libcrypto-3.3.6-r0 libressl3.3-libssl-3.3.6-r0 @@ -84,7 +84,7 @@ libretls-3.3.3p1-r3 librsvg-2.50.4-r1 libsasl-2.1.28-r0 libsm-1.2.3-r0 -libsmbclient-4.14.12-r0 +libsmbclient-4.14.8-r0 libsodium-1.0.18-r0 libsrt-1.4.2-r0 libssh-0.9.6-r0 @@ -93,12 +93,12 @@ libstdc++-10.3.1_git20210424-r2 libtasn1-4.17.0-r0 libtheora-1.1.1-r16 libunistring-0.9.10-r1 -libuuid-2.37.4-r0 +libuuid-2.37.2-r0 libva-2.11.0-r0 libvdpau-1.4-r0 libvorbis-1.3.7-r0 libvpx-1.10.0-r0 -libwbclient-4.14.12-r0 +libwbclient-4.14.8-r0 libwebp-1.2.0-r2 libx11-1.7.2-r0 libxau-1.0.9-r0 @@ -114,7 +114,7 @@ libxt-1.2.1-r0 libzip-1.7.3-r2 linux-pam-1.5.1-r1 lmdb-0.9.29-r0 -logrotate-3.18.1-r3 +logrotate-3.18.1-r0 lz4-libs-1.9.3-r1 musl-1.2.2-r3 musl-utils-1.2.2-r3 @@ -123,14 +123,14 @@ ncurses-libs-6.2_p20210612-r1 ncurses-terminfo-base-6.2_p20210612-r1 nettle-3.7.3-r0 nghttp2-libs-1.43.0-r0 -nginx-1.20.2-r1 +nginx-1.20.2-r0 oniguruma-6.9.7.1-r0 openssl-1.1.1q-r0 opus-1.3.1-r1 p11-kit-0.23.22-r0 pango-1.48.5-r0 pcre-8.44-r0 -pcre2-10.36-r1 +pcre2-10.36-r0 php7-7.4.26-r0 php7-bcmath-7.4.26-r0 php7-bz2-7.4.26-r0 @@ -181,11 +181,11 @@ popt-1.18-r0 procps-3.3.17-r0 readline-8.1.0-r0 s6-ipcserver-2.10.0.3-r0 -samba-client-4.14.12-r0 -samba-client-libs-4.14.12-r0 -samba-common-4.14.12-r0 -samba-libs-4.14.12-r0 -samba-util-libs-4.14.12-r0 +samba-client-4.14.8-r0 +samba-client-libs-4.14.8-r0 +samba-common-4.14.8-r0 +samba-libs-4.14.8-r0 +samba-util-libs-4.14.8-r0 scanelf-1.3.2-r0 sdl2-2.0.14-r1 shadow-4.8.1-r0 @@ -193,14 +193,14 @@ shared-mime-info-2.1-r0 skalibs-2.10.0.3-r0 soxr-0.1.3-r2 sqlite-libs-3.35.5-r0 -ssl_client-1.33.1-r8 +ssl_client-1.33.1-r6 sudo-1.9.7_p1-r1 talloc-2.3.2-r1 tar-1.34-r0 tdb-libs-1.4.3-r1 tevent-0.10.2-r1 -tiff-4.3.0-r0 -tzdata-2022a-r0 +tiff-4.2.0-r1 +tzdata-2021e-r0 unzip-6.0-r9 utmps-0.1.0.2-r0 v4l-utils-libs-1.20.0-r0 diff --git a/readme-vars.yml b/readme-vars.yml index 87bfb20..554cbc8 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -20,8 +20,7 @@ available_architectures: # development version development_versions: true development_versions_items: - - { tag: "latest", desc: "Stable Nextcloud releases (currently php7)" } - - { tag: "php8", desc: "Experimental php8 based Nextcloud releases" } + - { tag: "latest", desc: "Stable Nextcloud releases" } # container parameters common_param_env_vars_enabled: true @@ -78,25 +77,26 @@ app_setup_block: | # changelog changelogs: + - { date: "20.08.22:", desc: "Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base))." } - { date: "21.05.22:", desc: "Update version check endpoint." } - { date: "28.04.22:", desc: "Increase OPCache interned strings buffered setting to 16." } - { date: "14.04.22:", desc: "Nginx default site config updated for v23 (existing users should delete `/config/nginx/site-confs/default` and restart the container). Fix LDAP connection." } - { date: "11.09.21:", desc: "Rebasing to alpine 3.14" } - { date: "21.03.21:", desc: "Publish `php8` tag for testing." } - - { date: "25.02.21:", desc: "Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default` and restart the container)." } + - { date: "25.02.21:", desc: "Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - { date: "21.01.21:", desc: "Fix php iconv (was breaking the mail addon). If installed, attempt to remove broken CODE Server app during startup." } - - { date: "20.01.21:", desc: "Increase php fcgi timeout to prevent 504 Gateway timeout errors (existing users should delete `/config/nginx/site-confs/default` and restart the container)." } + - { date: "20.01.21:", desc: "Increase php fcgi timeout to prevent 504 Gateway timeout errors (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - { date: "16.01.21:", desc: "Rebasing to alpine 3.13. Users with issues on 32-bit arm, [see this article](https://docs.linuxserver.io/faq#my-host-is-incompatible-with-images-based-on-ubuntu-focal-and-alpine-3-13)." } - - { date: "12.08.20:", desc: "Various updates to default site config, including added support for webfinger (existing users should delete `/config/nginx/site-confs/default` and restart the container)." } + - { date: "12.08.20:", desc: "Various updates to default site config, including added support for webfinger (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - { date: "03.06.20:", desc: "Rebasing to alpine 3.12" } - { date: "03.06.20:", desc: "Add php7-bcmath and php7-fileinfo" } - { date: "31.05.20:", desc: "Add aliases for occ and updater.phar" } - { date: "31.03.20:", desc: "Allow crontab to be user customized, fix logrotate." } - - { date: "17.01.20:", desc: "Updated php.ini defaults and site config, including an optional HSTS directive (existing users should delete `/config/nginx/site-confs/default` and restart the container)." } + - { date: "17.01.20:", desc: "Updated php.ini defaults and site config, including an optional HSTS directive (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - { date: "19.12.19:", desc: "Rebasing to alpine 3.11." } - - { date: "18.11.19:", desc: "Nginx default site config updated for v17 (existing users should delete `/config/nginx/site-confs/default` and restart the container)." } + - { date: "18.11.19:", desc: "Nginx default site config updated for v17 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - { date: "28.10.19:", desc: "Change cronjob to run every 5 minutes." } - - { date: "24.10.19:", desc: "Nginx default site config updated due to CVE-2019-11043 (existing users should delete `/config/nginx/site-confs/default` and restart the container)." } + - { date: "24.10.19:", desc: "Nginx default site config updated due to CVE-2019-11043 (existing users should delete `/config/nginx/site-confs/default.conf` and restart the container)." } - { date: "14.07.19:", desc: "Download nextcloud during build time." } - { date: "28.06.19:", desc: "Rebasing to alpine 3.10." } - { date: "23.03.19:", desc: "Switching to new Base images, shift to arm32v7 tag." } diff --git a/root/defaults/default b/root/defaults/nginx/site-confs/default.conf.sample similarity index 74% rename from root/defaults/default rename to root/defaults/nginx/site-confs/default.conf.sample index 7506b8a..4422e98 100644 --- a/root/defaults/default +++ b/root/defaults/nginx/site-confs/default.conf.sample @@ -1,29 +1,35 @@ -upstream php-handler { - server 127.0.0.1:9000; -} +## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-nextcloud/commits/master/root/defaults/nginx/site-confs/default.conf.sample + +# redirect all traffic to https server { - listen 80; - listen [::]:80; - server_name _; - return 301 https://$host$request_uri; + listen 80 default_server; + listen [::]:80 default_server; + + location / { + return 301 https://$host$request_uri; + } } + +# main server block server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name _; - ssl_certificate /config/keys/cert.crt; - ssl_certificate_key /config/keys/cert.key; - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. + server_name _; + + root /config/www/nextcloud/; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; # set max upload size client_max_body_size 512M; @@ -39,35 +45,21 @@ server { gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # HTTP response headers borrowed from Nextcloud `.htaccess` - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; - root /config/www/nextcloud/; - # display real ip in nginx logs when connected through reverse proxy via docker network set_real_ip_from 172.0.0.0/8; real_ip_header X-Forwarded-For; - # Specify how to handle directories -- specifying `/index.php$request_uri` - # here as the fallback means that Nginx always exhibits the desired behaviour - # when a client requests a path that corresponds to a directory that exists - # on the server. In particular, if that directory contains an index.php file, - # that file is correctly served; if it doesn't, then the request is passed to - # the front-end controller. This consistent behaviour means that we don't need - # to specify custom rules for certain paths (e.g. images and other assets, - # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus - # `try_files $uri $uri/ /index.php$request_uri` - # always provides the desired behaviour. - index index.php index.html /index.php$request_uri; - # Rule borrowed from `.htaccess` to handle Microsoft DAV clients location = / { if ( $http_user_agent ~ ^DavClnt ) { @@ -122,9 +114,9 @@ server { fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; - fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice - fastcgi_param front_controller_active true; # Enable pretty urls - fastcgi_pass php-handler; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls + fastcgi_pass 127.0.0.1:9000; fastcgi_intercept_errors on; fastcgi_request_buffering off; @@ -144,8 +136,8 @@ server { location ~ \.woff2?$ { try_files $uri /index.php$request_uri; - expires 7d; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets } # Rule borrowed from `.htaccess` @@ -154,7 +146,13 @@ server { } location / { - try_files $uri $uri/ /index.php$request_uri; + # enable for basic auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; } + # deny access to .htaccess/.htpasswd files + location ~ /\.ht { + deny all; + } } diff --git a/root/defaults/root b/root/defaults/root index 536f6d6..f973cd3 100644 --- a/root/defaults/root +++ b/root/defaults/root @@ -6,4 +6,4 @@ 0 3 * * 6 run-parts /etc/periodic/weekly 0 5 1 * * run-parts /etc/periodic/monthly # nextcloud cron -*/5 * * * * s6-setuidgid abc php7 -f /config/www/nextcloud/cron.php +*/5 * * * * s6-setuidgid abc php8 -f /config/www/nextcloud/cron.php diff --git a/root/etc/cont-init.d/40-config b/root/etc/cont-init.d/40-config index 4deb6b2..401ee6c 100644 --- a/root/etc/cont-init.d/40-config +++ b/root/etc/cont-init.d/40-config @@ -1,8 +1,13 @@ #!/usr/bin/with-contenv bash +# folders +mkdir -p \ + /config \ + /data + # permissions chown abc:abc \ - /config \ - /data + /config \ + /data chown -R abc:abc \ - /var/lib/nginx + /var/lib/nginx diff --git a/root/etc/cont-init.d/50-install b/root/etc/cont-init.d/50-install index 075be36..49ce53a 100644 --- a/root/etc/cont-init.d/50-install +++ b/root/etc/cont-init.d/50-install @@ -2,19 +2,20 @@ # create folders mkdir -p \ - "${NEXTCLOUD_PATH}" \ - /config/crontabs + "${NEXTCLOUD_PATH}" \ + /config/crontabs # install app if [ ! -e "${NEXTCLOUD_PATH}/index.php" ]; then - tar xf /app/nextcloud.tar.bz2 -C \ - "${NEXTCLOUD_PATH}" --strip-components=1 - chown abc:abc -R \ - "${NEXTCLOUD_PATH}" - chmod +x "${NEXTCLOUD_PATH}/occ" + tar xf /app/nextcloud.tar.bz2 -C \ + "${NEXTCLOUD_PATH}" --strip-components=1 + chown abc:abc -R \ + "${NEXTCLOUD_PATH}" + chmod +x "${NEXTCLOUD_PATH}/occ" fi # set cronjob -[[ ! -f /config/crontabs/root ]] && \ - cp /defaults/root /config/crontabs/root +if [[ ! -f /config/crontabs/root ]]; then + cp /defaults/root /config/crontabs/root +fi cp /config/crontabs/root /etc/crontabs/root diff --git a/root/etc/cont-init.d/60-memcache b/root/etc/cont-init.d/60-memcache index 10697d7..3ea1852 100644 --- a/root/etc/cont-init.d/60-memcache +++ b/root/etc/cont-init.d/60-memcache @@ -1,9 +1,10 @@ #!/usr/bin/with-contenv bash # copy config -[[ ! -f /config/www/nextcloud/config/config.php ]] && \ - cp /defaults/config.php /config/www/nextcloud/config/config.php +if [[ ! -f /config/www/nextcloud/config/config.php ]]; then + cp /defaults/config.php /config/www/nextcloud/config/config.php +fi # permissions chown abc:abc \ - /config/www/nextcloud/config/config.php + /config/www/nextcloud/config/config.php diff --git a/root/etc/cont-init.d/70-aliases b/root/etc/cont-init.d/70-aliases index 991ae2e..920adfd 100644 --- a/root/etc/cont-init.d/70-aliases +++ b/root/etc/cont-init.d/70-aliases @@ -1,20 +1,24 @@ #!/usr/bin/with-contenv bash ## Set alias for occ and make executable -[[ ! -f /usr/bin/occ ]] && \ - echo -e '#!/bin/bash\nsudo -u abc -s /bin/bash -c "php7 /config/www/nextcloud/occ $*"' > /usr/bin/occ +if [[ ! -f /usr/bin/occ ]]; then + echo -e '#!/bin/bash\nsudo -u abc -s /bin/bash -c "php8 /config/www/nextcloud/occ $*"' > /usr/bin/occ +fi -[[ ! -x /usr/bin/occ ]] && \ - chmod +x /usr/bin/occ +if [[ ! -x /usr/bin/occ ]]; then + chmod +x /usr/bin/occ +fi ## Set alias for updater.phar and make executable -[[ ! -f /usr/bin/updater.phar ]] && \ - echo -e '#!/bin/bash\nsudo -u abc -s /bin/bash -c "php7 /config/www/nextcloud/updater/updater.phar $*"' > /usr/bin/updater.phar +if [[ ! -f /usr/bin/updater.phar ]]; then + echo -e '#!/bin/bash\nsudo -u abc -s /bin/bash -c "php8 /config/www/nextcloud/updater/updater.phar $*"' > /usr/bin/updater.phar +fi -[[ ! -x /usr/bin/updater.phar ]] && \ - chmod +x /usr/bin/updater.phar +if [[ ! -x /usr/bin/updater.phar ]]; then + chmod +x /usr/bin/updater.phar +fi if ( occ app:list --no-interaction | grep -q richdocumentscode) 2>/dev/null; then - echo "Removing CODE Server" - occ app:remove --no-interaction richdocumentscode 2>/dev/null + echo "Removing CODE Server" + occ app:remove --no-interaction richdocumentscode 2>/dev/null fi