add: new dockerfile for nextcloud

docker/dockerfiles/nextcloud-base.Dockerfile

@@ -1,47 +1,167 @@
-FROM pondersource/php-base:8.3
+FROM php:8.2-apache-bookworm@sha256:b8d8c9d7882fdea9d2ef5b3829bf9e34fb368f833c52f13ea64706df27cb6561
 
 # keys for oci taken from:
 # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
 LABEL org.opencontainers.image.licenses=MIT
-LABEL org.opencontainers.image.title="PonderSource Nextcloud Image"
+LABEL org.opencontainers.image.title="PonderSource Nextcloud Base Image"
 LABEL org.opencontainers.image.source="https://github.com/pondersource/dev-stock"
 LABEL org.opencontainers.image.authors="Mohammad Mahdi Baghbani Pourvahid"
 
-# remove html directory and recreate it with correct permissions
-RUN rm -rf /var/www/html && mkdir /var/www/html
-RUN chown -R www-data:www-data /var/www/html
-RUN chmod -R 775 /var/www/html
+# entrypoint.sh and cron.sh dependencies
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+    git \
+    vim \
+    curl\
+    bzip2 \
+    rsync \
+    iproute2 \
+    busybox-static \
+    libldap-common \
+    ca-certificates \
+    libmagickcore-6.q16-6-extra \
+    ; \
+    rm -rf /var/lib/apt/lists/*; \
+    \
+    mkdir -p /var/spool/cron/crontabs; \
+    echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
 
-WORKDIR /var/www/html
+# install the PHP extensions we need
+# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
+ENV PHP_MEMORY_LIMIT 512M
+ENV PHP_UPLOAD_LIMIT 512M
+RUN set -ex; \
+    \
+    savedAptMark="$(apt-mark showmanual)"; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+    libcurl4-openssl-dev \
+    libevent-dev \
+    libfreetype6-dev \
+    libgmp-dev \
+    libicu-dev \
+    libjpeg-dev \
+    libldap2-dev \
+    libmagickwand-dev \
+    libmcrypt-dev \
+    libmemcached-dev \
+    libpng-dev \
+    libpq-dev \
+    libwebp-dev \
+    libxml2-dev \
+    libzip-dev \
+    ; \
+    \
+    debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
+    docker-php-ext-configure ftp --with-openssl-dir=/usr; \
+    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
+    docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
+    docker-php-ext-install -j "$(nproc)" \
+    bcmath \
+    exif \
+    ftp \
+    gd \
+    gmp \
+    intl \
+    ldap \
+    opcache \
+    pcntl \
+    pdo_mysql \
+    pdo_pgsql \
+    sysvsem \
+    zip \
+    ; \
+    \
+    # pecl will claim success even if one install fails, so we need to perform each install separately
+    pecl install APCu-5.1.24; \
+    pecl install imagick-3.7.0; \
+    pecl install memcached-3.3.0; \
+    pecl install redis-6.1.0; \
+    \
+    docker-php-ext-enable \
+    apcu \
+    imagick \
+    memcached \
+    redis \
+    ; \
+    rm -r /tmp/pear; \
+    \
+    # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
+    apt-mark auto '.*' > /dev/null; \
+    apt-mark manual $savedAptMark; \
+    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
+    | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
+    | sort -u \
+    | xargs -r dpkg-query --search \
+    | cut -d: -f1 \
+    | sort -u \
+    | xargs -rt apt-mark manual; \
+    \
+    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+    rm -rf /var/lib/apt/lists/*
 
-USER www-data
+# set recommended PHP.ini settings
+# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
+RUN { \
+    echo 'opcache.enable=1'; \
+    echo 'opcache.interned_strings_buffer=32'; \
+    echo 'opcache.max_accelerated_files=10000'; \
+    echo 'opcache.memory_consumption=128'; \
+    echo 'opcache.save_comments=1'; \
+    echo 'opcache.revalidate_freq=60'; \
+    echo 'opcache.jit=1255'; \
+    echo 'opcache.jit_buffer_size=128M'; \
+    } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
+    \
+    echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
+    \
+    { \
+    echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
+    echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
+    echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
+    } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \
+    \
+    mkdir /var/www/data; \
+    mkdir -p /docker-entrypoint-hooks.d/pre-installation \
+    /docker-entrypoint-hooks.d/post-installation \
+    /docker-entrypoint-hooks.d/pre-upgrade \
+    /docker-entrypoint-hooks.d/post-upgrade \
+    /docker-entrypoint-hooks.d/before-starting; \
+    chown -R www-data:root /var/www; \
+    chmod -R g=u /var/www
 
-ARG REPO_NEXTCLOUD=https://github.com/nextcloud/server
-ARG BRANCH_NEXTCLOUD=v28.0.12
-# CACHEBUST forces docker to clone fresh source codes from git.
-# example: docker build -t your-image --build-arg CACHEBUST="default" .
-# $RANDOM returns random number each time.
-ARG CACHEBUST="default"
-RUN git clone                       \
-    --depth 1                       \
-    --recursive                     \
-    --shallow-submodules            \
-    --branch ${BRANCH_NEXTCLOUD}    \
-    ${REPO_NEXTCLOUD}               \
-    .
+VOLUME /var/www/html
 
-USER root
+COPY ./tls/certificates/* /tls/
+COPY ./tls/certificate-authority/* /tls/
+RUN ln --symbolic --force /tls/*.crt /usr/local/share/ca-certificates; \
+    update-ca-certificates
 
-ENV PHP_MEMORY_LIMIT="512M"
+COPY ./configs/nextcloud/apache.conf /etc/apache2/sites-enabled/000-default.conf
+
+RUN a2enmod headers rewrite remoteip ssl; \
+    { \
+    echo 'RemoteIPHeader X-Real-IP'; \
+    echo 'RemoteIPInternalProxy 10.0.0.0/8'; \
+    echo 'RemoteIPInternalProxy 172.16.0.0/12'; \
+    echo 'RemoteIPInternalProxy 192.168.0.0/16'; \
+    } > /etc/apache2/conf-available/remoteip.conf; \
+    a2enconf remoteip; \
+    chown -R www-data:root /var/log/apache2; \
+    chmod -R g=u /var/log/apache2
+
+# set apache config LimitRequestBody
+ENV APACHE_BODY_LIMIT 1073741824
+RUN { \
+    echo 'LimitRequestBody ${APACHE_BODY_LIMIT}'; \
+    } > /etc/apache2/conf-available/apache-limits.conf; \
+    a2enconf apache-limits
 
 RUN curl --silent --show-error https://getcomposer.org/installer -o /root/composer-setup.php
 RUN php /root/composer-setup.php --install-dir=/usr/local/bin --filename=composer
 
-USER www-data
-# this file can be overrided in docker run or docker compose.yaml.
-# example: docker run --volume new-init.sh:/init.sh:ro
-COPY ./scripts/init/nextcloud.sh /init.sh
-RUN mkdir -p data; touch data/nextcloud.log
-
-USER root
-CMD /usr/sbin/httpd -DFOREGROUND & tail -f /var/log/apache2/access.log & tail -f /var/log/apache2/error.log & tail -f data/nextcloud.log
+ENTRYPOINT ["/entrypoint.sh"]
+CMD apache2ctl -DFOREGROUND & tail --follow /var/log/apache2/access.log & tail --follow /var/log/apache2/error.log & tail --follow /var/www/html/data/nextcloud.log

docker/dockerfiles/nextcloud.Dockerfile

@@ -1,4 +1,4 @@
-FROM pondersource/dev-stock-php-base:latest
+FROM pondersource/dev-stock-nextcloud-base:latest
 
 # keys for oci taken from:
 # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
@@ -7,39 +7,27 @@ LABEL org.opencontainers.image.title="PonderSource Nextcloud Image"
 LABEL org.opencontainers.image.source="https://github.com/pondersource/dev-stock"
 LABEL org.opencontainers.image.authors="Mohammad Mahdi Baghbani Pourvahid"
 
-RUN rm --recursive --force /var/www/html
-USER www-data
+ARG NEXTCLOUD_REPO=https://github.com/nextcloud/server
+ARG NEXTCLOUD_BRANCH=v30.0.2
 
-ARG REPO_NEXTCLOUD=https://github.com/nextcloud/server
-ARG BRANCH_NEXTCLOUD=v30.0.0
 # CACHEBUST forces docker to clone fresh source codes from git.
 # example: docker build -t your-image --build-arg CACHEBUST="default" .
 # $RANDOM returns random number each time.
 ARG CACHEBUST="default"
-RUN git clone                       \
-    --depth 1                       \
-    --recursive                     \
-    --shallow-submodules            \
-    --branch ${BRANCH_NEXTCLOUD}    \
-    ${REPO_NEXTCLOUD}               \
-    html
-
-USER root
-WORKDIR /var/www/html
-
-# switch php version for Nextloud.
-RUN switch-php.sh 8.2
-
-ENV PHP_MEMORY_LIMIT="512M"
-
-RUN curl --silent --show-error https://getcomposer.org/installer -o /root/composer-setup.php
-RUN php /root/composer-setup.php --install-dir=/usr/local/bin --filename=composer
-
-USER www-data
-# this file can be overrided in docker run or docker compose.yaml.
-# example: docker run --volume new-init.sh:/init.sh:ro
-COPY ./scripts/init/nextcloud.sh /init.sh
-RUN mkdir -p data; touch data/nextcloud.log
-
-USER root
-CMD /usr/sbin/apache2ctl -DFOREGROUND & tail --follow /var/log/apache2/access.log & tail --follow /var/log/apache2/error.log & tail --follow data/nextcloud.log
+RUN set -ex; \
+    cd /usr/src/; \
+    git clone \
+    --depth 1 \
+    --recursive \
+    --shallow-submodules \
+    --branch ${NEXTCLOUD_BRANCH} \
+    ${NEXTCLOUD_REPO} \
+    nextcloud; \
+    rm -rf /usr/src/nextcloud/.git; \
+    mkdir -p /usr/src/nextcloud/data; \
+    mkdir -p /usr/src/nextcloud/custom_apps; \
+    chmod +x /usr/src/nextcloud/occ
+
+COPY ./scripts/nextcloud/*.sh /
+COPY ./scripts/nextcloud/upgrade.exclude /
+COPY ./configs/nextcloud/* /usr/src/nextcloud/config/