mirror of
https://github.com/linuxserver/docker-nextcloud.git
synced 2026-06-03 09:57:35 +00:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 5432119b35 | |||
| 93a31b92d8 | |||
| 1f4892f00d |
Vendored
+88
-86
@@ -75,7 +75,6 @@ pipeline {
|
|||||||
'''
|
'''
|
||||||
script{
|
script{
|
||||||
env.EXIT_STATUS = ''
|
env.EXIT_STATUS = ''
|
||||||
env.CI_TEST_ATTEMPTED = ''
|
|
||||||
env.LS_RELEASE = sh(
|
env.LS_RELEASE = sh(
|
||||||
script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:develop 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
|
script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:develop 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
|
||||||
returnStdout: true).trim()
|
returnStdout: true).trim()
|
||||||
@@ -284,7 +283,7 @@ pipeline {
|
|||||||
-v ${WORKSPACE}:/mnt \
|
-v ${WORKSPACE}:/mnt \
|
||||||
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
|
-e AWS_ACCESS_KEY_ID=\"${S3_KEY}\" \
|
||||||
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
|
-e AWS_SECRET_ACCESS_KEY=\"${S3_SECRET}\" \
|
||||||
ghcr.io/linuxserver/baseimage-alpine:3.23 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
|
ghcr.io/linuxserver/baseimage-alpine:3 s6-envdir -fn -- /var/run/s6/container_environment /bin/bash -c "\
|
||||||
apk add --no-cache python3 && \
|
apk add --no-cache python3 && \
|
||||||
python3 -m venv /lsiopy && \
|
python3 -m venv /lsiopy && \
|
||||||
pip install --no-cache-dir -U pip && \
|
pip install --no-cache-dir -U pip && \
|
||||||
@@ -872,7 +871,6 @@ pipeline {
|
|||||||
script{
|
script{
|
||||||
env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
|
env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
|
||||||
env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json'
|
env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json'
|
||||||
env.CI_TEST_ATTEMPTED = 'true'
|
|
||||||
}
|
}
|
||||||
sh '''#! /bin/bash
|
sh '''#! /bin/bash
|
||||||
set -e
|
set -e
|
||||||
@@ -1075,13 +1073,98 @@ EOF
|
|||||||
) '''
|
) '''
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// If this is a Pull request send the CI link as a comment on it
|
||||||
|
stage('Pull Request Comment') {
|
||||||
|
when {
|
||||||
|
not {environment name: 'CHANGE_ID', value: ''}
|
||||||
|
environment name: 'EXIT_STATUS', value: ''
|
||||||
|
}
|
||||||
|
steps {
|
||||||
|
sh '''#! /bin/bash
|
||||||
|
# Function to retrieve JSON data from URL
|
||||||
|
get_json() {
|
||||||
|
local url="$1"
|
||||||
|
local response=$(curl -s "$url")
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "Failed to retrieve JSON data from $url"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
local json=$(echo "$response" | jq .)
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "Failed to parse JSON data from $url"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
echo "$json"
|
||||||
|
}
|
||||||
|
|
||||||
|
build_table() {
|
||||||
|
local data="$1"
|
||||||
|
|
||||||
|
# Get the keys in the JSON data
|
||||||
|
local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]')
|
||||||
|
|
||||||
|
# Check if keys are empty
|
||||||
|
if [ -z "$keys" ]; then
|
||||||
|
echo "JSON report data does not contain any keys or the report does not exist."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Build table header
|
||||||
|
local header="| Tag | Passed |\\n| --- | --- |\\n"
|
||||||
|
|
||||||
|
# Loop through the JSON data to build the table rows
|
||||||
|
local rows=""
|
||||||
|
for build in $keys; do
|
||||||
|
local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success")
|
||||||
|
if [ "$status" = "true" ]; then
|
||||||
|
status="✅"
|
||||||
|
else
|
||||||
|
status="❌"
|
||||||
|
fi
|
||||||
|
local row="| "$build" | "$status" |\\n"
|
||||||
|
rows="${rows}${row}"
|
||||||
|
done
|
||||||
|
|
||||||
|
local table="${header}${rows}"
|
||||||
|
local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g')
|
||||||
|
echo "$escaped_table"
|
||||||
|
}
|
||||||
|
|
||||||
|
if [[ "${CI}" = "true" ]]; then
|
||||||
|
# Retrieve JSON data from URL
|
||||||
|
data=$(get_json "$CI_JSON_URL")
|
||||||
|
# Create table from JSON data
|
||||||
|
table=$(build_table "$data")
|
||||||
|
echo -e "$table"
|
||||||
|
|
||||||
|
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
|
||||||
|
-H "Accept: application/vnd.github.v3+json" \
|
||||||
|
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
|
||||||
|
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
|
||||||
|
else
|
||||||
|
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
|
||||||
|
-H "Accept: application/vnd.github.v3+json" \
|
||||||
|
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
|
||||||
|
-d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
|
||||||
|
fi
|
||||||
|
'''
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
/* ######################
|
/* ######################
|
||||||
Comment on PR and Send status to Discord
|
Send status to Discord
|
||||||
###################### */
|
###################### */
|
||||||
post {
|
post {
|
||||||
always {
|
always {
|
||||||
script {
|
sh '''#!/bin/bash
|
||||||
|
rm -rf /config/.ssh/id_sign
|
||||||
|
rm -rf /config/.ssh/id_sign.pub
|
||||||
|
git config --global --unset gpg.format
|
||||||
|
git config --global --unset user.signingkey
|
||||||
|
git config --global --unset commit.gpgsign
|
||||||
|
'''
|
||||||
|
script{
|
||||||
env.JOB_DATE = sh(
|
env.JOB_DATE = sh(
|
||||||
script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
|
script: '''date '+%Y-%m-%dT%H:%M:%S%:z' ''',
|
||||||
returnStdout: true).trim()
|
returnStdout: true).trim()
|
||||||
@@ -1124,87 +1207,6 @@ EOF
|
|||||||
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
|
"username": "Jenkins"}' ${BUILDS_DISCORD} '''
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
script {
|
|
||||||
if (env.GITHUBIMAGE =~ /lspipepr/){
|
|
||||||
if (env.CI_TEST_ATTEMPTED == "true"){
|
|
||||||
sh '''#! /bin/bash
|
|
||||||
# Function to retrieve JSON data from URL
|
|
||||||
get_json() {
|
|
||||||
local url="$1"
|
|
||||||
local response=$(curl -s "$url")
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Failed to retrieve JSON data from $url"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
local json=$(echo "$response" | jq .)
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Failed to parse JSON data from $url"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
echo "$json"
|
|
||||||
}
|
|
||||||
|
|
||||||
build_table() {
|
|
||||||
local data="$1"
|
|
||||||
|
|
||||||
# Get the keys in the JSON data
|
|
||||||
local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]')
|
|
||||||
|
|
||||||
# Check if keys are empty
|
|
||||||
if [ -z "$keys" ]; then
|
|
||||||
echo "JSON report data does not contain any keys or the report does not exist."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Build table header
|
|
||||||
local header="| Tag | Passed |\\n| --- | --- |\\n"
|
|
||||||
|
|
||||||
# Loop through the JSON data to build the table rows
|
|
||||||
local rows=""
|
|
||||||
for build in $keys; do
|
|
||||||
local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success")
|
|
||||||
if [ "$status" = "true" ]; then
|
|
||||||
status="✅"
|
|
||||||
else
|
|
||||||
status="❌"
|
|
||||||
fi
|
|
||||||
local row="| "$build" | "$status" |\\n"
|
|
||||||
rows="${rows}${row}"
|
|
||||||
done
|
|
||||||
|
|
||||||
local table="${header}${rows}"
|
|
||||||
local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g')
|
|
||||||
echo "$escaped_table"
|
|
||||||
}
|
|
||||||
|
|
||||||
if [[ "${CI}" = "true" ]]; then
|
|
||||||
# Retrieve JSON data from URL
|
|
||||||
data=$(get_json "$CI_JSON_URL")
|
|
||||||
# Create table from JSON data
|
|
||||||
table=$(build_table "$data")
|
|
||||||
echo -e "$table"
|
|
||||||
|
|
||||||
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
|
|
||||||
-H "Accept: application/vnd.github.v3+json" \
|
|
||||||
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
|
|
||||||
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"
|
|
||||||
else
|
|
||||||
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
|
|
||||||
-H "Accept: application/vnd.github.v3+json" \
|
|
||||||
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
|
|
||||||
-d "{\\"body\\": \\"I am a bot, here is the pushed image/manifest for this PR: \\n\\n\\`${GITHUBIMAGE}:${META_TAG}\\`\\"}"
|
|
||||||
fi
|
|
||||||
'''
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sh '''#!/bin/bash
|
|
||||||
rm -rf /config/.ssh/id_sign
|
|
||||||
rm -rf /config/.ssh/id_sign.pub
|
|
||||||
git config --global --unset gpg.format
|
|
||||||
git config --global --unset user.signingkey
|
|
||||||
git config --global --unset commit.gpgsign
|
|
||||||
'''
|
|
||||||
}
|
}
|
||||||
cleanup {
|
cleanup {
|
||||||
sh '''#! /bin/bash
|
sh '''#! /bin/bash
|
||||||
|
|||||||
@@ -135,7 +135,7 @@ If you are using a reverse proxy which validates certificates, you need to [disa
|
|||||||
To help you get started creating a container from this image you can either use docker-compose or the docker cli.
|
To help you get started creating a container from this image you can either use docker-compose or the docker cli.
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>Unless a parameter is flagged as 'optional', it is *mandatory* and a value must be provided.
|
>Unless a parameter is flaged as 'optional', it is *mandatory* and a value must be provided.
|
||||||
|
|
||||||
### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
|
### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
|
||||||
|
|
||||||
|
|||||||
+492
-615
File diff suppressed because it is too large
Load Diff
@@ -144,6 +144,7 @@ init_diagram: |
|
|||||||
"nextcloud:develop" <- Base Images
|
"nextcloud:develop" <- Base Images
|
||||||
# changelog
|
# changelog
|
||||||
changelogs:
|
changelogs:
|
||||||
|
- {date: "08.02.26:", desc: "Existing users should update: site-confs/default.conf - Deny access to all dotfiles."}
|
||||||
- {date: "10.07.25:", desc: "Rebase to Alpine 3.22."}
|
- {date: "10.07.25:", desc: "Rebase to Alpine 3.22."}
|
||||||
- {date: "12.02.25:", desc: "Rebase to Alpine 3.21."}
|
- {date: "12.02.25:", desc: "Rebase to Alpine 3.21."}
|
||||||
- {date: "09.01.25:", desc: "Fix uploading large files. Existing users should update their nginx confs."}
|
- {date: "09.01.25:", desc: "Fix uploading large files. Existing users should update their nginx confs."}
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
## Version 2025/07/10 - Changelog: https://github.com/linuxserver/docker-nextcloud/commits/master/root/defaults/nginx/site-confs/default.conf.sample
|
## Version 2026/05/05 - Changelog: https://github.com/linuxserver/docker-nextcloud/commits/master/root/defaults/nginx/site-confs/default.conf.sample
|
||||||
|
|
||||||
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||||
map $arg_v $asset_immutable {
|
map $arg_v $asset_immutable {
|
||||||
@@ -20,6 +20,13 @@ server {
|
|||||||
|
|
||||||
root /app/www/public;
|
root /app/www/public;
|
||||||
|
|
||||||
|
# deny access to all dotfiles
|
||||||
|
location ~ /\. {
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
return 404;
|
||||||
|
}
|
||||||
|
|
||||||
# display real ip in nginx logs when connected through reverse proxy via docker network
|
# display real ip in nginx logs when connected through reverse proxy via docker network
|
||||||
set_real_ip_from 172.16.0.0/12;
|
set_real_ip_from 172.16.0.0/12;
|
||||||
real_ip_header X-Forwarded-For;
|
real_ip_header X-Forwarded-For;
|
||||||
@@ -49,12 +56,12 @@ server {
|
|||||||
client_body_buffer_size 512k;
|
client_body_buffer_size 512k;
|
||||||
|
|
||||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||||
add_header Referrer-Policy "no-referrer" always;
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
|
||||||
# Remove X-Powered-By, which is an information leak
|
# Remove X-Powered-By, which is an information leak
|
||||||
fastcgi_hide_header X-Powered-By;
|
fastcgi_hide_header X-Powered-By;
|
||||||
@@ -92,11 +99,19 @@ server {
|
|||||||
# The rules in this block are an adaptation of the rules
|
# The rules in this block are an adaptation of the rules
|
||||||
# in `.htaccess` that concern `/.well-known`.
|
# in `.htaccess` that concern `/.well-known`.
|
||||||
|
|
||||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
location = /.well-known/carddav {
|
||||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
return 301 /remote.php/dav/;
|
||||||
|
}
|
||||||
|
location = /.well-known/caldav {
|
||||||
|
return 301 /remote.php/dav/;
|
||||||
|
}
|
||||||
|
|
||||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
location /.well-known/acme-challenge {
|
||||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /.well-known/pki-validation {
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||||
# requests by passing them to the front-end controller.
|
# requests by passing them to the front-end controller.
|
||||||
@@ -104,8 +119,12 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) {
|
||||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
return 404;
|
||||||
|
}
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||||
|
return 404;
|
||||||
|
}
|
||||||
|
|
||||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||||
# which handle static assets (as seen below). If this block is not declared first,
|
# which handle static assets (as seen below). If this block is not declared first,
|
||||||
@@ -124,8 +143,8 @@ server {
|
|||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
fastcgi_param PATH_INFO $path_info;
|
fastcgi_param PATH_INFO $path_info;
|
||||||
|
|
||||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||||
fastcgi_pass 127.0.0.1:9000;
|
fastcgi_pass 127.0.0.1:9000;
|
||||||
|
|
||||||
fastcgi_intercept_errors on;
|
fastcgi_intercept_errors on;
|
||||||
@@ -138,7 +157,7 @@ server {
|
|||||||
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||||
try_files $uri /index.php$request_uri;
|
try_files $uri /index.php$request_uri;
|
||||||
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
|
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
|
||||||
access_log off; # Optional: Don't log access to assets
|
access_log off; # Optional: Don't log access to assets
|
||||||
|
|
||||||
location ~ \.wasm$ {
|
location ~ \.wasm$ {
|
||||||
default_type application/wasm;
|
default_type application/wasm;
|
||||||
@@ -148,8 +167,8 @@ server {
|
|||||||
|
|
||||||
location ~ \.woff2?$ {
|
location ~ \.woff2?$ {
|
||||||
try_files $uri /index.php$request_uri;
|
try_files $uri /index.php$request_uri;
|
||||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||||
access_log off; # Optional: Don't log access to assets
|
access_log off; # Optional: Don't log access to assets
|
||||||
}
|
}
|
||||||
|
|
||||||
# Rule borrowed from `.htaccess`
|
# Rule borrowed from `.htaccess`
|
||||||
@@ -157,6 +176,14 @@ server {
|
|||||||
return 301 /remote.php$request_uri;
|
return 301 /remote.php$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Support for the Client Push (notify_push) plugin, needs mod installed https://github.com/linuxserver/docker-mods/tree/nextcloud-notify-push
|
||||||
|
location ^~ /push/ {
|
||||||
|
proxy_pass http://127.0.0.1:7867/;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "Upgrade";
|
||||||
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
# enable for basic auth
|
# enable for basic auth
|
||||||
#auth_basic "Restricted";
|
#auth_basic "Restricted";
|
||||||
@@ -164,9 +191,4 @@ server {
|
|||||||
|
|
||||||
try_files $uri $uri/ /index.php$request_uri;
|
try_files $uri $uri/ /index.php$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
# deny access to .htaccess/.htpasswd files
|
|
||||||
location ~ /\.ht {
|
|
||||||
deny all;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user