Update to Nextcloud 23.0.9 + Add Support for Initialization Locking

This toggles on the new locking support added to 23.0.4 in: nextcloud/docker#1728 It can be disabled with NEXTCLOUD_INIT_LOCK being set to `false`, but we default it on in our image since we support multiple pods by default.
Inveniem · Sep 13, 2022 · ba1b2b5 · ba1b2b5
1 parent 3e60b0d
commit ba1b2b5
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 8 deletions.
diff --git a/docker/backend-nextcloud-apache/Dockerfile b/docker/backend-nextcloud-apache/Dockerfile
@@ -8,9 +8,10 @@
 # @copyright Copyright (c) 2019, Inveniem
 # @license GNU AGPL version 3 or any later version
 #
-FROM nextcloud:23.0.2-apache
+FROM nextcloud:23.0.9-apache
 
 ENV NEXTCLOUD_CONFIG_READ_ONLY "false"
+ENV NEXTCLOUD_INIT_LOCK "true"
 
 # Eliminate default APCu configuration (we're using Redis)
 #

diff --git a/docker/backend-nextcloud-fpm/Dockerfile b/docker/backend-nextcloud-fpm/Dockerfile
@@ -57,9 +57,10 @@ RUN set -eux;\
 ################################################################################
 # This is the container that actually gets pushed.
 #
-FROM nextcloud:23.0.2-fpm-alpine
+FROM nextcloud:23.0.9-fpm-alpine
 
 ENV NEXTCLOUD_CONFIG_READ_ONLY "false"
+ENV NEXTCLOUD_INIT_LOCK "true"
 
 # Fix-up www-data UID from 82 to 33.
 #

diff --git a/docker/middle-nextcloud-nginx/nginx.conf b/docker/middle-nextcloud-nginx/nginx.conf
@@ -27,6 +27,9 @@ http {
     sendfile        on;
     #tcp_nopush     on;
 
+    # Prevent nginx HTTP Server Detection
+    server_tokens   off;
+
     ## Customizations for the Inveniem AKS Image ##
     keepalive_timeout  65;
 

diff --git a/docker/nextcloud-common/entrypoint.sh b/docker/nextcloud-common/entrypoint.sh
@@ -15,12 +15,46 @@
 
 set -eu
 
+acquire_lock() {
+    # If another process is syncing the html folder, wait for it to be done,
+    # then escape initialization.
+    #
+    # You need to define the NEXTCLOUD_INIT_LOCK environment variable
+    lock=/var/www/html/nextcloud-init-sync.lock
+    count=0
+    limit=10
+
+    if [ -f "${lock}" ] && [ "${NEXTCLOUD_INIT_LOCK:-}" = "true" ]; then
+        until [ ! -f "${lock}" ] || [ "$count" -gt "${limit}" ]; do
+            count=$((count+1))
+            wait=$((count*10))
+
+            echo "Another process is initializing Nextcloud. Waiting ${wait} seconds..."
+            sleep $wait
+        done
+
+        if [ "${count}" -gt "${limit}" ]; then
+            echo "Timeout while waiting for an ongoing initialization"
+            exit 1
+        fi
+
+        echo "The other process is done, assuming complete initialization"
+    else
+        # Prevent multiple images syncing simultaneously
+        touch "${lock}"
+    fi
+}
+
+release_lock() {
+    rm "${lock}"
+}
+
 initialize_environment_vars() {
-  if ! touch "/var/www/html/config/.writable" 1>/dev/null 2>&1; then
-    # Force environment variable to `true` whenever the config folder is mounted
-    # read-only, even if the var was not explicitly set as such.
-    export NEXTCLOUD_CONFIG_READ_ONLY="true"
-  fi
+    if ! touch "/var/www/html/config/.writable" 1>/dev/null 2>&1; then
+        # Force environment variable to `true` whenever the config folder is mounted
+        # read-only, even if the var was not explicitly set as such.
+        export NEXTCLOUD_CONFIG_READ_ONLY="true"
+    fi
 }
 
 initialize_container() {
@@ -40,6 +74,7 @@ initialize_container() {
         image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
 
         ensure_compatible_image "${installed_version}" "${image_version}"
+        acquire_lock
         deploy_nextcloud_release
         setup_redis
         tune_php
@@ -58,6 +93,7 @@ initialize_container() {
         fi
 
         update_htaccess
+        release_lock
     fi
 }
 
@@ -264,6 +300,13 @@ capture_install_options() {
         install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
     fi
 
+    file_env MYSQL_DATABASE
+    file_env MYSQL_PASSWORD
+    file_env MYSQL_USER
+    file_env POSTGRES_DB
+    file_env POSTGRES_PASSWORD
+    file_env POSTGRES_USER
+
     install_type="None"
 
     if [ -n "${SQLITE_DATABASE+x}" ]; then
@@ -385,6 +428,34 @@ run_as() {
     fi
 }
 
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+    var="$1"
+    fileVar="${var}_FILE"
+    def="${2:-}"
+    varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+
+    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
+        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+        exit 1
+    fi
+
+    if [ -n "${varValue}" ]; then
+        export "$var"="${varValue}"
+    elif [ -n "${fileVarValue}" ]; then
+        export "$var"="$(cat "${fileVarValue}")"
+    elif [ -n "${def}" ]; then
+        export "$var"="$def"
+    fi
+
+    unset "$fileVar"
+}
+
+
 container_type="${1:-none}"
 
 initialize_environment_vars

diff --git a/docker/nextcloud-cron/Dockerfile b/docker/nextcloud-cron/Dockerfile
@@ -7,7 +7,7 @@
 # @copyright Copyright (c) 2019-2020, Inveniem
 # @license GNU AGPL version 3 or any later version
 #
-FROM nextcloud:23.0.2-fpm
+FROM nextcloud:23.0.9-fpm
 
 ENV NEXTCLOUD_CONFIG_READ_ONLY "true"