first commit

This commit is contained in:
sparklyballs
2016-06-30 23:44:08 +01:00
commit 99db4d373a
8 changed files with 271 additions and 0 deletions
+91
View File
@@ -0,0 +1,91 @@
FROM lsiobase/alpine.nginx
MAINTAINER sparklyballs
# set nextcloud version and path
ENV NEXTCLOUD_VER="9.0.51"
ENV WWW_ROOT="/config/www"
ENV NEXTCLOUD_PATH="${WWW_ROOT}/nextcloud"
# install build-dependencies
RUN \
apk add --no-cache --virtual=build-dependencies \
autoconf \
automake \
file \
g++ \
gcc \
make \
php5-dev \
re2c \
samba-dev \
zlib-dev && \
# fetch php smbclient source
git clone git://github.com/eduardok/libsmbclient-php.git /tmp/smbclient && \
# compile smbclient
cd /tmp/smbclient && \
phpize && \
./configure && \
make && \
make install && \
# uninstall build-dependencies
apk del --purge \
build-dependencies && \
# cleanup
rm -rfv /tmp/*
# install runtime packages
RUN \
apk add --no-cache \
curl \
ffmpeg \
libxml2 \
php5-apcu \
php5-bz2 \
php5-ctype \
php5-curl \
php5-dom \
php5-exif \
php5-ftp \
php5-gd \
php5-gmp \
php5-iconv \
php5-imap \
php5-intl \
php5-ldap \
php5-mcrypt \
php5-openssl \
php5-pcntl \
php5-pdo_mysql \
php5-pdo_pgsql \
php5-pdo_sqlite \
php5-pgsql \
php5-posix \
php5-sqlite3 \
php5-xml \
php5-xmlreader \
php5-zip \
php5-zlib \
samba \
tar \
unzip && \
apk add --no-cache --repository http://nl.alpinelinux.org/alpine/edge/testing \
php5-memcached
# configure php extensions
RUN \
echo "extension="smbclient.so"" >> /etc/php5/php.ini
# configure php for nextcloud
RUN \
echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /defaults/nginx-fpm.conf
# add local files
COPY root/ /
# ports and volumes
VOLUME /config /data
EXPOSE 443
+6
View File
@@ -0,0 +1,6 @@
![https://linuxserver.io](http://www.linuxserver.io/wp-content/uploads/2015/06/linuxserver_medium.png)
## This is a Container in active development, and should not be used by the general public.
If you are curious about the current progress or want to comment\contribute to this work, feel free to join us at our irc channel:
[IRC](https://www.linuxserver.io/index.php/irc/) on freenode at `#linuxserver.io` or visit our website at [https://linuxserver.io](https://www.linuxserver.io/).
+5
View File
@@ -0,0 +1,5 @@
<?php
$CONFIG = array (
'memcache.local' => '\OC\Memcache\APCu',
);
+108
View File
@@ -0,0 +1,108 @@
upstream php-handler {
server 127.0.0.1:9000;
# server unix:/var/run/php/php7.0-fpm.sock;
}
server {
listen 80;
server_name _;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name _;
ssl_certificate /config/keys/cert.crt;
ssl_certificate_key /config/keys/cert.key;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /config/www/nextcloud/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
}
+38
View File
@@ -0,0 +1,38 @@
#!/bin/bash
ocpath="${NEXTCLOUD_PATH}"
htuser='abc'
htgroup='abc'
rootuser='root'
printf "Creating possible missing Directories\n"
mkdir -p $ocpath/data
mkdir -p $ocpath/assets
mkdir -p $ocpath/updater
printf "chmod Files and Directories\n"
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
printf "chown Directories\n"
chown -R ${rootuser}:${htgroup} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/assets/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${ocpath}/data/
chown -R ${htuser}:${htgroup} ${ocpath}/themes/
chown -R ${htuser}:${htgroup} ${ocpath}/updater/
chmod +x ${ocpath}/occ
printf "chmod/chown .htaccess\n"
if [ -f ${ocpath}/.htaccess ]
then
chmod 0644 ${ocpath}/.htaccess
chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
fi
if [ -f ${ocpath}/data/.htaccess ]
then
chmod 0644 ${ocpath}/data/.htaccess
chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
fi
+5
View File
@@ -0,0 +1,5 @@
#!/usr/bin/with-contenv bash
# permissions
chown abc:abc /config /data
chown -R abc:abc /var/lib/nginx
+13
View File
@@ -0,0 +1,13 @@
#!/usr/bin/with-contenv bash
mkdir -p "${WWW_ROOT}"
chown abc:abc "${WWW_ROOT}"
if [ ! -e "${NEXTCLOUD_PATH}/index.php" ]; then
curl -o /tmp/nextcloud.zip -L \
https://download.nextcloud.com/server/releases/nextcloud-"${NEXTCLOUD_VER}".zip
cd /tmp || true
unzip nextcloud.zip
mv /tmp/nextcloud "${NEXTCLOUD_PATH}"
rm -f /tmp/nextcloud.zip
fi
+5
View File
@@ -0,0 +1,5 @@
#!/usr/bin/with-contenv bash
[[ ! -f /config/www/nextcloud/config/config.php ]] && cp /defaults/config.php /config/www/nextcloud/config/config.php
chown abc:abc /config/www/nextcloud/config/config.php