Compare commits

...

17 Commits

Author SHA1 Message Date
LinuxServer-CI 63ac413394 Bot Updating Package Versions 2021-03-21 11:44:07 -04:00
LinuxServer-CI 60ce804127 Bot Updating Package Versions 2021-03-14 15:48:50 +00:00
LinuxServer-CI 212f58793f Bot Updating Package Versions 2021-03-07 15:40:14 +00:00
LinuxServer-CI 87090fb6fa Bot Updating Package Versions 2021-02-25 19:55:40 +00:00
aptalca 3943379ccf Merge pull request #188 from linuxserver/v21
update default site config for v21
2021-02-25 14:46:34 -05:00
aptalca 868122601b update default site config for v21 2021-02-25 14:13:08 -05:00
aptalca a5008c1640 Merge pull request #184 from Tokugero/master
Making code server removal non-interactive
2021-02-22 08:00:00 -05:00
Tokugero ec4095c431 Removing debug 2021-02-21 21:17:45 -08:00
Tokugero f6fefcc0b8 Updating to remove interaction and dump error to null 2021-02-21 21:17:16 -08:00
LinuxServer-CI 71b9740252 Bot Updating Package Versions 2021-02-21 15:47:56 +00:00
LinuxServer-CI ca8405c1fb Bot Updating Package Versions 2021-02-14 15:44:31 +00:00
LinuxServer-CI c5210f2252 Bot Updating Templated Files 2021-02-14 15:35:41 +00:00
LinuxServer-CI 6e585daba1 Bot Updating Templated Files 2021-02-14 15:34:07 +00:00
LinuxServer-CI 44c75aceca Bot Updating Package Versions 2021-02-07 15:40:10 +00:00
LinuxServer-CI b60554a6b0 Bot Updating Package Versions 2021-02-02 21:18:38 +00:00
LinuxServer-CI 7978ce4cb1 Bot Updating Package Versions 2021-01-31 15:44:02 +00:00
LinuxServer-CI 3f88c9e6b5 Bot Updating Package Versions 2021-01-26 13:30:17 -05:00
7 changed files with 215 additions and 148 deletions
+1
View File
@@ -41,3 +41,4 @@ $RECYCLE.BIN/
Network Trash Folder
Temporary Items
.apdisk
.jenkins-external
Vendored
+61 -16
View File
@@ -231,10 +231,53 @@ pipeline {
TEMPDIR=$(mktemp -d)
docker pull ghcr.io/linuxserver/jenkins-builder:latest
docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH=master -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest
# Stage 1 - Jenkinsfile update
if [[ "$(md5sum Jenkinsfile | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile | awk '{ print $1 }')" ]]; then
mkdir -p ${TEMPDIR}/repo
git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
cd ${TEMPDIR}/repo/${LS_REPO}
git checkout -f master
cp ${TEMPDIR}/docker-${CONTAINER_NAME}/Jenkinsfile ${TEMPDIR}/repo/${LS_REPO}/
git add Jenkinsfile
git commit -m 'Bot Updating Templated Files'
git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
echo "Updating Jenkinsfile"
rm -Rf ${TEMPDIR}
exit 0
else
echo "Jenkinsfile is up to date."
fi
# Stage 2 - Delete old templates
OLD_TEMPLATES=".github/ISSUE_TEMPLATE.md"
for i in ${OLD_TEMPLATES}; do
if [[ -f "${i}" ]]; then
TEMPLATES_TO_DELETE="${i} ${TEMPLATES_TO_DELETE}"
fi
done
if [[ -n "${TEMPLATES_TO_DELETE}" ]]; then
mkdir -p ${TEMPDIR}/repo
git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
cd ${TEMPDIR}/repo/${LS_REPO}
git checkout -f master
cd ${TEMPDIR}/docker-${CONTAINER_NAME}
for i in ${TEMPLATES_TO_DELETE}; do
git rm "${i}"
done
git commit -m 'Bot Updating Templated Files'
git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
echo "Deleting old templates"
rm -Rf ${TEMPDIR}
exit 0
else
echo "No templates to delete"
fi
# Stage 3 - Update templates
CURRENTHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
cd ${TEMPDIR}/docker-${CONTAINER_NAME}
NEWHASH=$(grep -hs ^ ${TEMPLATED_FILES} | md5sum | cut -c1-8)
if [[ "${CURRENTHASH}" != "${NEWHASH}" ]]; then
if [[ "${CURRENTHASH}" != "${NEWHASH}" ]] || ! grep -q '.jenkins-external' "${WORKSPACE}/.gitignore" 2>/dev/null; then
mkdir -p ${TEMPDIR}/repo
git clone https://github.com/${LS_USER}/${LS_REPO}.git ${TEMPDIR}/repo/${LS_REPO}
cd ${TEMPDIR}/repo/${LS_REPO}
@@ -242,11 +285,13 @@ pipeline {
cd ${TEMPDIR}/docker-${CONTAINER_NAME}
mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/workflows
mkdir -p ${TEMPDIR}/repo/${LS_REPO}/.github/ISSUE_TEMPLATE
rm -f ${TEMPDIR}/repo/${LS_REPO}/.github/ISSUE_TEMPLATE.md
cp --parents ${TEMPLATED_FILES} ${TEMPDIR}/repo/${LS_REPO}/ || :
cd ${TEMPDIR}/repo/${LS_REPO}/
if ! grep -q '.jenkins-external' .gitignore 2>/dev/null; then
echo ".jenkins-external" >> .gitignore
git add .gitignore
fi
git add ${TEMPLATED_FILES}
git rm .github/ISSUE_TEMPLATE.md || :
git commit -m 'Bot Updating Templated Files'
git push https://LinuxServer-CI:${GITHUB_TOKEN}@github.com/${LS_USER}/${LS_REPO}.git --all
echo "true" > /tmp/${COMMIT_SHA}-${BUILD_NUMBER}
@@ -255,8 +300,8 @@ pipeline {
fi
mkdir -p ${TEMPDIR}/gitbook
git clone https://github.com/linuxserver/docker-documentation.git ${TEMPDIR}/gitbook/docker-documentation
if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
cp ${TEMPDIR}/docker-${CONTAINER_NAME}/docker-${CONTAINER_NAME}.md ${TEMPDIR}/gitbook/docker-documentation/images/
if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md) || ("$(md5sum ${TEMPDIR}/gitbook/docker-documentation/images/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md | awk '{ print $1 }')") ]]; then
cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/docker-${CONTAINER_NAME}.md ${TEMPDIR}/gitbook/docker-documentation/images/
cd ${TEMPDIR}/gitbook/docker-documentation/
git add images/docker-${CONTAINER_NAME}.md
git commit -m 'Bot Updating Documentation'
@@ -266,13 +311,13 @@ pipeline {
git clone https://github.com/linuxserver/docker-templates.git ${TEMPDIR}/unraid/docker-templates
git clone https://github.com/linuxserver/templates.git ${TEMPDIR}/unraid/templates
if [[ -f ${TEMPDIR}/unraid/docker-templates/linuxserver.io/img/${CONTAINER_NAME}-icon.png ]]; then
sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/${CONTAINER_NAME}.xml
sed -i "s|master/linuxserver.io/img/linuxserver-ls-logo.png|master/linuxserver.io/img/${CONTAINER_NAME}-icon.png|" ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml
fi
if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
if [[ ("${BRANCH_NAME}" == "master") || ("${BRANCH_NAME}" == "main") ]] && [[ (! -f ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml) || ("$(md5sum ${TEMPDIR}/unraid/templates/unraid/${CONTAINER_NAME}.xml | awk '{ print $1 }')" != "$(md5sum ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml | awk '{ print $1 }')") ]]; then
if grep -wq "${CONTAINER_NAME}" ${TEMPDIR}/unraid/templates/unraid/ignore.list; then
echo "Image is on the ignore list, skipping Unraid template upload"
else
cp ${TEMPDIR}/docker-${CONTAINER_NAME}/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
cp ${TEMPDIR}/docker-${CONTAINER_NAME}/.jenkins-external/${CONTAINER_NAME}.xml ${TEMPDIR}/unraid/templates/unraid/
cd ${TEMPDIR}/unraid/templates/
git add unraid/${CONTAINER_NAME}.xml
git commit -m 'Bot Updating Unraid Template'
@@ -512,7 +557,7 @@ pipeline {
}
sh '''#! /bin/bash
set -e
docker pull ghcr.io/linuxserver/lsiodev-ci:latest
docker pull ghcr.io/linuxserver/ci:latest
if [ "${MULTIARCH}" == "true" ]; then
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm32v7-${COMMIT_SHA}-${BUILD_NUMBER}
docker pull ghcr.io/linuxserver/lsiodev-buildcache:arm64v8-${COMMIT_SHA}-${BUILD_NUMBER}
@@ -537,7 +582,7 @@ pipeline {
-e WEB_PATH=\"${CI_WEBPATH}\" \
-e DO_REGION="ams3" \
-e DO_BUCKET="lsio-ci" \
-t ghcr.io/linuxserver/lsiodev-ci:latest \
-t ghcr.io/linuxserver/ci:latest \
python /ci/ci.py'''
}
}
@@ -682,9 +727,9 @@ pipeline {
environment name: 'EXIT_STATUS', value: ''
}
steps {
echo "Pushing New tag for current commit ${EXT_RELEASE_CLEAN}-ls${LS_TAG_NUMBER}"
echo "Pushing New tag for current commit ${META_TAG}"
sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/git/tags \
-d '{"tag":"'${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}'",\
-d '{"tag":"'${META_TAG}'",\
"object": "'${COMMIT_SHA}'",\
"message": "Tagging Release '${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}' to master",\
"type": "commit",\
@@ -692,9 +737,9 @@ pipeline {
echo "Pushing New release for Tag"
sh '''#! /bin/bash
echo "Updating to ${EXT_RELEASE_CLEAN}" > releasebody.json
echo '{"tag_name":"'${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}'",\
echo '{"tag_name":"'${META_TAG}'",\
"target_commitish": "master",\
"name": "'${EXT_RELEASE_CLEAN}'-ls'${LS_TAG_NUMBER}'",\
"name": "'${META_TAG}'",\
"body": "**LinuxServer Changes:**\\n\\n'${LS_RELEASE_NOTES}'\\n**Remote Changes:**\\n\\n' > start
printf '","draft": false,"prerelease": false}' >> releasebody.json
paste -d'\\0' start releasebody.json > releasebody.json.done
@@ -721,7 +766,7 @@ pipeline {
TEMPDIR=$(mktemp -d)
docker pull ghcr.io/linuxserver/jenkins-builder:latest
docker run --rm -e CONTAINER_NAME=${CONTAINER_NAME} -e GITHUB_BRANCH="${BRANCH_NAME}" -v ${TEMPDIR}:/ansible/jenkins ghcr.io/linuxserver/jenkins-builder:latest
docker pull ghcr.io/linuxserver/lsiodev-readme-sync
docker pull ghcr.io/linuxserver/readme-sync
docker run --rm=true \
-e DOCKERHUB_USERNAME=$DOCKERUSER \
-e DOCKERHUB_PASSWORD=$DOCKERPASS \
@@ -729,7 +774,7 @@ pipeline {
-e DOCKER_REPOSITORY=${IMAGE} \
-e GIT_BRANCH=master \
-v ${TEMPDIR}/docker-${CONTAINER_NAME}:/mnt \
ghcr.io/linuxserver/lsiodev-readme-sync bash -c 'node sync'
ghcr.io/linuxserver/readme-sync bash -c 'node sync'
rm -Rf ${TEMPDIR} '''
}
}
+1
View File
@@ -246,6 +246,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **25.02.21:** - Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default` and restart the container).
* **21.01.21:** - Fix php iconv (was breaking the mail addon). If installed, attempt to remove broken CODE Server app during startup.
* **20.01.21:** - Increase php fcgi timeout to prevent 504 Gateway timeout errors (existing users should delete `/config/nginx/site-confs/default` and restart the container).
* **16.01.21:** - Rebasing to alpine 3.13. Users with issues on 32-bit arm, [see this article](https://docs.linuxserver.io/faq#my-host-is-incompatible-with-images-based-on-ubuntu-focal-and-alpine-3-13).
+59 -59
View File
@@ -3,14 +3,14 @@ alpine-keys-2.2-r0
alsa-lib-1.2.4-r2
aom-libs-1.0.0-r1
apache2-utils-2.4.46-r3
apk-tools-2.12.0-r4
apk-tools-2.12.1-r0
apr-1.7.0-r0
apr-util-1.6.1-r7
argon2-libs-20190702-r1
avahi-libs-0.8-r2
bash-5.1.0-r0
brotli-libs-1.0.9-r3
busybox-1.32.1-r2
busybox-1.32.1-r3
c-client-2007f-r11
ca-certificates-20191127-r5
ca-certificates-bundle-20191127-r5
@@ -18,7 +18,7 @@ cairo-1.16.0-r2
cairo-gobject-1.16.0-r2
coreutils-8.32-r2
cups-libs-2.3.3-r1
curl-7.74.0-r0
curl-7.74.0-r1
dbus-libs-1.12.20-r1
expat-2.2.10-r1
ffmpeg-4.3.1-r3
@@ -29,11 +29,11 @@ fribidi-1.0.10-r0
gdbm-1.19-r0
gdk-pixbuf-2.42.2-r0
ghostscript-9.53.3-r0
git-2.30.0-r0
glib-2.66.4-r0
git-2.30.2-r0
glib-2.66.7-r1
gmp-6.2.1-r0
gnu-libiconv-1.15-r3
gnutls-3.7.0-r0
gnutls-3.7.1-r0
graphite2-1.3.14-r0
harfbuzz-2.7.4-r1
icu-libs-67.1-r2
@@ -53,8 +53,8 @@ libbsd-0.10.0-r0
libbz2-1.0.8-r1
libc-utils-0.7.2-r3
libcap-2.46-r0
libcrypto1.1-1.1.1i-r0
libcurl-7.74.0-r0
libcrypto1.1-1.1.1j-r0
libcurl-7.74.0-r1
libdav1d-0.8.1-r0
libde265-1.0.4-r0
libdrm-2.4.104-r0
@@ -66,7 +66,7 @@ libheif-1.9.1-r0
libice-1.0.10-r0
libintl-0.20.2-r2
libjpeg-turbo-2.0.6-r0
libldap-2.4.56-r0
libldap-2.4.57-r1
libltdl-2.4.6-r7
libmagic-5.39-r0
libmcrypt-2.5.8-r9
@@ -75,18 +75,18 @@ libmount-2.36.1-r1
libogg-1.3.4-r0
libpciaccess-0.16-r0
libpng-1.6.37-r1
libpq-13.1-r1
libpq-13.2-r0
libproc-3.3.16-r0
libressl3.1-libcrypto-3.1.5-r0
libressl3.1-libssl-3.1.5-r0
librsvg-2.50.2-r0
librsvg-2.50.3-r0
libsasl-2.1.27-r10
libsm-1.2.3-r0
libsmbclient-4.13.3-r1
libsodium-1.0.18-r0
libsrt-1.4.2-r0
libssh-0.9.5-r0
libssl1.1-1.1.1i-r0
libssl1.1-1.1.1j-r0
libstdc++-10.2.1_pre1-r3
libtasn1-4.16.0-r1
libtheora-1.1.1-r16
@@ -109,7 +109,7 @@ libxft-2.3.3-r0
libxml2-2.9.10-r6
libxpm-3.5.13-r0
libxrender-0.9.10-r3
libxt-1.2.0-r0
libxt-1.2.1-r0
libzip-1.7.3-r2
linux-pam-1.5.1-r0
lmdb-0.9.27-r0
@@ -124,56 +124,56 @@ nettle-3.7-r0
nghttp2-libs-1.42.0-r1
nginx-1.18.0-r13
oniguruma-6.9.6-r0
openssl-1.1.1i-r0
openssl-1.1.1j-r0
opus-1.3.1-r1
p11-kit-0.23.22-r0
pango-1.48.1-r0
pango-1.48.2-r0
pcre-8.44-r0
pcre2-10.36-r0
php7-7.4.14-r0
php7-bcmath-7.4.14-r0
php7-bz2-7.4.14-r0
php7-common-7.4.14-r0
php7-ctype-7.4.14-r0
php7-curl-7.4.14-r0
php7-dom-7.4.14-r0
php7-exif-7.4.14-r0
php7-fileinfo-7.4.14-r0
php7-fpm-7.4.14-r0
php7-ftp-7.4.14-r0
php7-gd-7.4.14-r0
php7-gmp-7.4.14-r0
php7-iconv-7.4.14-r0
php7-imap-7.4.14-r0
php7-intl-7.4.14-r0
php7-json-7.4.14-r0
php7-ldap-7.4.14-r0
php7-mbstring-7.4.14-r0
php7-mysqlnd-7.4.14-r0
php7-opcache-7.4.14-r0
php7-openssl-7.4.14-r0
php7-pcntl-7.4.14-r0
php7-pdo-7.4.14-r0
php7-pdo_mysql-7.4.14-r0
php7-pdo_pgsql-7.4.14-r0
php7-pdo_sqlite-7.4.14-r0
php7-pecl-apcu-5.1.19-r1
php7-7.4.15-r0
php7-bcmath-7.4.15-r0
php7-bz2-7.4.15-r0
php7-common-7.4.15-r0
php7-ctype-7.4.15-r0
php7-curl-7.4.15-r0
php7-dom-7.4.15-r0
php7-exif-7.4.15-r0
php7-fileinfo-7.4.15-r0
php7-fpm-7.4.15-r0
php7-ftp-7.4.15-r0
php7-gd-7.4.15-r0
php7-gmp-7.4.15-r0
php7-iconv-7.4.15-r0
php7-imap-7.4.15-r0
php7-intl-7.4.15-r0
php7-json-7.4.15-r0
php7-ldap-7.4.15-r0
php7-mbstring-7.4.15-r0
php7-mysqlnd-7.4.15-r0
php7-opcache-7.4.15-r0
php7-openssl-7.4.15-r0
php7-pcntl-7.4.15-r0
php7-pdo-7.4.15-r0
php7-pdo_mysql-7.4.15-r0
php7-pdo_pgsql-7.4.15-r0
php7-pdo_sqlite-7.4.15-r0
php7-pecl-apcu-5.1.20-r0
php7-pecl-igbinary-3.2.2_rc1-r0
php7-pecl-imagick-3.4.4-r7
php7-pecl-mcrypt-1.0.4-r0
php7-pecl-memcached-3.1.5-r2
php7-pecl-redis-5.3.2-r0
php7-pgsql-7.4.14-r0
php7-phar-7.4.14-r0
php7-posix-7.4.14-r0
php7-session-7.4.14-r0
php7-simplexml-7.4.14-r0
php7-sodium-7.4.14-r0
php7-sqlite3-7.4.14-r0
php7-xml-7.4.14-r0
php7-xmlreader-7.4.14-r0
php7-xmlwriter-7.4.14-r0
php7-zip-7.4.14-r0
php7-pecl-redis-5.3.3-r0
php7-pgsql-7.4.15-r0
php7-phar-7.4.15-r0
php7-posix-7.4.15-r0
php7-session-7.4.15-r0
php7-simplexml-7.4.15-r0
php7-sodium-7.4.15-r0
php7-sqlite3-7.4.15-r0
php7-xml-7.4.15-r0
php7-xmlreader-7.4.15-r0
php7-xmlwriter-7.4.15-r0
php7-zip-7.4.15-r0
pixman-0.40.0-r2
pkgconf-1.7.3-r0
popt-1.18-r0
@@ -192,14 +192,14 @@ shared-mime-info-2.0-r0
skalibs-2.10.0.0-r0
soxr-0.1.3-r2
sqlite-libs-3.34.1-r0
ssl_client-1.32.1-r2
sudo-1.9.5p1-r0
ssl_client-1.32.1-r3
sudo-1.9.5p2-r0
talloc-2.3.1-r0
tar-1.33-r1
tdb-libs-1.4.3-r0
tevent-0.10.2-r0
tiff-4.1.0-r2
tzdata-2020f-r0
tiff-4.2.0-r0
tzdata-2021a-r0
unzip-6.0-r8
utmps-0.1.0.0-r0
v4l-utils-libs-1.20.0-r0
+1
View File
@@ -75,6 +75,7 @@ app_setup_block: |
# changelog
changelogs:
- { date: "25.02.21:", desc: "Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default` and restart the container)." }
- { date: "21.01.21:", desc: "Fix php iconv (was breaking the mail addon). If installed, attempt to remove broken CODE Server app during startup." }
- { date: "20.01.21:", desc: "Increase php fcgi timeout to prevent 504 Gateway timeout errors (existing users should delete `/config/nginx/site-confs/default` and restart the container)." }
- { date: "16.01.21:", desc: "Rebasing to alpine 3.13. Users with issues on 32-bit arm, [see this article](https://docs.linuxserver.io/faq#my-host-is-incompatible-with-images-based-on-ubuntu-focal-and-alpine-3-13)." }
+89 -70
View File
@@ -25,98 +25,117 @@ server {
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
fastcgi_hide_header X-Powered-By;
root /config/www/nextcloud/;
# display real ip in nginx logs when connected through reverse proxy via docker network
set_real_ip_from 172.0.0.0/8;
real_ip_header X-Forwarded-For;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/webfinger {
return 301 $scheme://$host:$server_port/public.php?service=webfinger;
}
location = /.well-known/host-meta {
return 301 $scheme://$host:$server_port/public.php?service=host-meta;
}
location = /.well-known/host-meta.json {
return 301 $scheme://$host:$server_port/public.php?service=host-meta-json;
}
client_max_body_size 10G;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
rewrite ^ /index.php;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
root /config/www/nextcloud/;
# display real ip in nginx logs when connected through reverse proxy via docker network
set_real_ip_from 172.0.0.0/8;
real_ip_header X-Forwarded-For;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The following 6 rules are borrowed from `.htaccess`
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
# Anything else is dynamically handled by Nextcloud
location ^~ /.well-known { return 301 /index.php$uri; }
try_files $uri $uri/ =404;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 3600;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
access_log off;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
access_log off;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
+3 -3
View File
@@ -14,7 +14,7 @@
[[ ! -x /usr/bin/updater.phar ]] && \
chmod +x /usr/bin/updater.phar
if occ app:list | grep -q richdocumentscode; then
echo "Removing CODE Server"
occ app:remove richdocumentscode
if ( occ app:list --no-interaction | grep -q richdocumentscode) 2>/dev/null; then
echo "Removing CODE Server"
occ app:remove --no-interaction richdocumentscode 2>/dev/null
fi