From c358d412e545d4906bbb47c577acd13e1bdd7db2 Mon Sep 17 00:00:00 2001
From: Mohammad Mahdi Baghbani Pourvahid
Date: Sat, 14 Dec 2024 11:25:41 +0000
Subject: [PATCH] add: new dockerfile for nextcloud
---
docker/dockerfiles/nextcloud-base.Dockerfile | 182 +++++++++++++++----
docker/dockerfiles/nextcloud.Dockerfile | 52 ++----
2 files changed, 171 insertions(+), 63 deletions(-)
diff --git a/docker/dockerfiles/nextcloud-base.Dockerfile b/docker/dockerfiles/nextcloud-base.Dockerfile
index 803d960..6800f6a 100644
--- a/docker/dockerfiles/nextcloud-base.Dockerfile
+++ b/docker/dockerfiles/nextcloud-base.Dockerfile
@@ -1,47 +1,167 @@ -FROM pondersource/php-base:8.3 +FROM php:8.2-apache-bookworm@sha256:b8d8c9d7882fdea9d2ef5b3829bf9e34fb368f833c52f13ea64706df27cb6561 # keys for oci taken from: # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys LABEL org.opencontainers.image.licenses=MIT -LABEL org.opencontainers.image.title="PonderSource Nextcloud Image" +LABEL org.opencontainers.image.title="PonderSource Nextcloud Base Image" LABEL org.opencontainers.image.source="https://github.com/pondersource/dev-stock" LABEL org.opencontainers.image.authors="Mohammad Mahdi Baghbani Pourvahid" -# remove html directory and recreate it with correct permissions -RUN rm -rf /var/www/html && mkdir /var/www/html -RUN chown -R www-data:www-data /var/www/html -RUN chmod -R 775 /var/www/html +# entrypoint.sh and cron.sh dependencies +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + git \ + vim \ + curl\ + bzip2 \ + rsync \ + iproute2 \ + busybox-static \ + libldap-common \ + ca-certificates \ + libmagickcore-6.q16-6-extra \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /var/spool/cron/crontabs; \ + echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data -WORKDIR /var/www/html +# install the PHP extensions we need +# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html +ENV PHP_MEMORY_LIMIT 512M +ENV PHP_UPLOAD_LIMIT 512M +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libevent-dev \ + libfreetype6-dev \ + libgmp-dev \ + libicu-dev \ + libjpeg-dev \ + libldap2-dev \ + libmagickwand-dev \ + libmcrypt-dev \ + libmemcached-dev \ + libpng-dev \ + libpq-dev \ + libwebp-dev \ + libxml2-dev \ + libzip-dev \ + ; \ + \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ + docker-php-ext-configure ftp 
--with-openssl-dir=/usr; \ + docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ + docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ + docker-php-ext-install -j "$(nproc)" \ + bcmath \ + exif \ + ftp \ + gd \ + gmp \ + intl \ + ldap \ + opcache \ + pcntl \ + pdo_mysql \ + pdo_pgsql \ + sysvsem \ + zip \ + ; \ + \ + # pecl will claim success even if one install fails, so we need to perform each install separately + pecl install APCu-5.1.24; \ + pecl install imagick-3.7.0; \ + pecl install memcached-3.3.0; \ + pecl install redis-6.1.0; \ + \ + docker-php-ext-enable \ + apcu \ + imagick \ + memcached \ + redis \ + ; \ + rm -r /tmp/pear; \ + \ + # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* -USER www-data +# set recommended PHP.ini settings +# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache +RUN { \ + echo 'opcache.enable=1'; \ + echo 'opcache.interned_strings_buffer=32'; \ + echo 'opcache.max_accelerated_files=10000'; \ + echo 'opcache.memory_consumption=128'; \ + echo 'opcache.save_comments=1'; \ + echo 'opcache.revalidate_freq=60'; \ + echo 'opcache.jit=1255'; \ + echo 'opcache.jit_buffer_size=128M'; \ + } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ + \ + echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ + \ + { \ + echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ + echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ + echo 
'post_max_size=${PHP_UPLOAD_LIMIT}'; \ + } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \ + \ + mkdir /var/www/data; \ + mkdir -p /docker-entrypoint-hooks.d/pre-installation \ + /docker-entrypoint-hooks.d/post-installation \ + /docker-entrypoint-hooks.d/pre-upgrade \ + /docker-entrypoint-hooks.d/post-upgrade \ + /docker-entrypoint-hooks.d/before-starting; \ + chown -R www-data:root /var/www; \ + chmod -R g=u /var/www -ARG REPO_NEXTCLOUD=https://github.com/nextcloud/server -ARG BRANCH_NEXTCLOUD=v28.0.12 -# CACHEBUST forces docker to clone fresh source codes from git. -# example: docker build -t your-image --build-arg CACHEBUST="default" . -# $RANDOM returns random number each time. -ARG CACHEBUST="default" -RUN git clone \ - --depth 1 \ - --recursive \ - --shallow-submodules \ - --branch ${BRANCH_NEXTCLOUD} \ - ${REPO_NEXTCLOUD} \ - . +VOLUME /var/www/html -USER root +COPY ./tls/certificates/* /tls/ +COPY ./tls/certificate-authority/* /tls/ +RUN ln --symbolic --force /tls/*.crt /usr/local/share/ca-certificates; \ + update-ca-certificates -ENV PHP_MEMORY_LIMIT="512M" +COPY ./configs/nextcloud/apache.conf /etc/apache2/sites-enabled/000-default.conf + +RUN a2enmod headers rewrite remoteip ssl; \ + { \ + echo 'RemoteIPHeader X-Real-IP'; \ + echo 'RemoteIPInternalProxy 10.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 172.16.0.0/12'; \ + echo 'RemoteIPInternalProxy 192.168.0.0/16'; \ + } > /etc/apache2/conf-available/remoteip.conf; \ + a2enconf remoteip; \ + chown -R www-data:root /var/log/apache2; \ + chmod -R g=u /var/log/apache2 + +# set apache config LimitRequestBody +ENV APACHE_BODY_LIMIT 1073741824 +RUN { \ + echo 'LimitRequestBody ${APACHE_BODY_LIMIT}'; \ + } > /etc/apache2/conf-available/apache-limits.conf; \ + a2enconf apache-limits RUN curl --silent --show-error https://getcomposer.org/installer -o /root/composer-setup.php RUN php /root/composer-setup.php --install-dir=/usr/local/bin --filename=composer -USER www-data -# this file can be overrided in docker run or 
docker compose.yaml. -# example: docker run --volume new-init.sh:/init.sh:ro -COPY ./scripts/init/nextcloud.sh /init.sh -RUN mkdir -p data; touch data/nextcloud.log - -USER root -CMD /usr/sbin/httpd -DFOREGROUND & tail -f /var/log/apache2/access.log & tail -f /var/log/apache2/error.log & tail -f data/nextcloud.log +ENTRYPOINT ["/entrypoint.sh"] +CMD apache2ctl -DFOREGROUND & tail --follow /var/log/apache2/access.log & tail --follow /var/log/apache2/error.log & tail --follow /var/www/html/data/nextcloud.log diff --git a/docker/dockerfiles/nextcloud.Dockerfile b/docker/dockerfiles/nextcloud.Dockerfile index e038f67..f3f9d1f 100644 --- a/docker/dockerfiles/nextcloud.Dockerfile +++ b/docker/dockerfiles/nextcloud.Dockerfile @@ -1,4 +1,4 @@ -FROM pondersource/dev-stock-php-base:latest +FROM pondersource/dev-stock-nextcloud-base:latest # keys for oci taken from: # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys 
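Review bot: The added `COPY ./tls/certificates/* /tls/` and `COPY ./tls/certificate-authority/* /tls/` in nextcloud-base.Dockerfile bake everything in those directories into an image layer, and `ln --symbolic --force /tls/*.crt /usr/local/share/ca-certificates` then trusts every certificate found there, leaf or CA. The directory contents are not visible here, but if they include server or CA private keys, those ship to anyone who can pull the image, and trusting leaf certificates widens the trust store beyond what the CA alone requires. I would copy only the CA certificate into the trust store, e.g. `COPY ./tls/certificate-authority/*.crt /usr/local/share/ca-certificates/` followed by `RUN update-ca-certificates`, and supply server certificates and keys at run time through a read-only mount. Separately, the unchanged `curl … https://getcomposer.org/installer` and `php /root/composer-setup.php` lines still run a downloaded installer as root without comparing its hash to Composer's published installer checksum; a `sha384` comparison before the `php` call would close that gap.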
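Review bot: `FROM pondersource/dev-stock-nextcloud-base:latest` in nextcloud.Dockerfile leaves this image's base on a mutable tag, while the base Dockerfile in the same commit pins `php:8.2-apache-bookworm` by digest. A rebuild can silently pick up a different base, so the upstream digest pin does not carry through to the image that actually runs Nextcloud. Pin a version tag and digest here as well, e.g. `FROM pondersource/dev-stock-nextcloud-base:<tag>@sha256:<digest>` (placeholders), and bump it together with the base image.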
@@ -7,39 +7,27 @@ LABEL org.opencontainers.image.title="PonderSource Nextcloud Image" LABEL org.opencontainers.image.source="https://github.com/pondersource/dev-stock" LABEL org.opencontainers.image.authors="Mohammad Mahdi Baghbani Pourvahid" -RUN rm --recursive --force /var/www/html -USER www-data +ARG NEXTCLOUD_REPO=https://github.com/nextcloud/server +ARG NEXTCLOUD_BRANCH=v30.0.2 -ARG REPO_NEXTCLOUD=https://github.com/nextcloud/server -ARG BRANCH_NEXTCLOUD=v30.0.0 # CACHEBUST forces docker to clone fresh source codes from git. # example: docker build -t your-image --build-arg CACHEBUST="default" . # $RANDOM returns random number each time. ARG CACHEBUST="default" -RUN git clone \ - --depth 1 \ - --recursive \ - --shallow-submodules \ - --branch ${BRANCH_NEXTCLOUD} \ - ${REPO_NEXTCLOUD} \ - html - -USER root -WORKDIR /var/www/html - -# switch php version for Nextloud. -RUN switch-php.sh 8.2 - -ENV PHP_MEMORY_LIMIT="512M" - -RUN curl --silent --show-error https://getcomposer.org/installer -o /root/composer-setup.php -RUN php /root/composer-setup.php --install-dir=/usr/local/bin --filename=composer - -USER www-data -# this file can be overrided in docker run or docker compose.yaml. -# example: docker run --volume new-init.sh:/init.sh:ro -COPY ./scripts/init/nextcloud.sh /init.sh -RUN mkdir -p data; touch data/nextcloud.log - -USER root -CMD /usr/sbin/apache2ctl -DFOREGROUND & tail --follow /var/log/apache2/access.log & tail --follow /var/log/apache2/error.log & tail --follow data/nextcloud.log +RUN set -ex; \ + cd /usr/src/; \ + git clone \ + --depth 1 \ + --recursive \ + --shallow-submodules \ + --branch ${NEXTCLOUD_BRANCH} \ + ${NEXTCLOUD_REPO} \ + nextcloud; \ + rm -rf /usr/src/nextcloud/.git; \ + mkdir -p /usr/src/nextcloud/data; \ + mkdir -p /usr/src/nextcloud/custom_apps; \ + chmod +x /usr/src/nextcloud/occ + +COPY ./scripts/nextcloud/*.sh / +COPY ./scripts/nextcloud/upgrade.exclude / +COPY ./configs/nextcloud/* /usr/src/nextcloud/config/
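Review bot: The `git clone --branch ${NEXTCLOUD_BRANCH} ${NEXTCLOUD_REPO}` step accepts whatever the tag points to at build time and expands both build args unquoted, so the source that lands in `/usr/src/nextcloud` is never checked against a known commit. Add an expected-commit arg such as `ARG NEXTCLOUD_COMMIT=<expected-commit-sha>` (placeholder), quote the expansions as `--branch "${NEXTCLOUD_BRANCH}" "${NEXTCLOUD_REPO}"`, and fail the build before `rm -rf /usr/src/nextcloud/.git` with `test "$(git -C nextcloud rev-parse HEAD)" = "${NEXTCLOUD_COMMIT}";`. Because submodules are recorded as commits in the superproject, that one check should also cover the `--recursive` checkout. `COPY ./scripts/nextcloud/*.sh /` additionally relies on the executable bit stored in the repository; the base image's `ENTRYPOINT ["/entrypoint.sh"]` presumably resolves to one of these scripts, so an explicit `--chmod=0755` on that `COPY` would make the entrypoint dependable.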