docker
/
docker-nextcloud
mirror of https://github.com/nextcloud/docker.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #125 from nextcloud/rework-examples 

[WIP] Rework of Examples Section
This commit is contained in:
Tilo Spannagel 2017-10-07 22:30:41 +02:00 committed by GitHub
parent da970232b5 3db0c2bf69
commit fa3b83c1b1
69 changed files with 1955 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
.examples/README.md Normal file
View File

@ -0,0 +1,63 @@
# Examples section
In this subfolders are some examples how to use the docker image. There are two sections:
* [`dockerfiles`](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles)
* [`docker-compose`](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose)
The `dockerfiles` are derived images, that add or alter certain functionalities of the default docker images. In the `docker-compose` subfolder are examples for deployment of the application, including database, redis, collabora and other services.
## Dockerfiles
The Dockerfiles use the default images as base image and build on top of it.
Example | Description
------- | -------
[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed).
[imap](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/imap) | adds dependencies required to authenticate users via imap
[smb](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb) | adds dependencies required to use smb shares
## docker-compose
In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box.
Before running the examples you have to modify the `db.env` and `docker-compose.yml` file and fill in your custom information.
The docker-compose examples make heavily use of dereived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker-compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `docker-compose.yml` file.
### insecure
This example should only be used for testing on the local network because it uses a unencrypted http connection.
When you want to have your server reachable from the internet adding HTTPS-encryption is mandatory!
For this use one of the [with-nginx-proxy](#with-nginx-proxy) examples.
To use this example complete the following steps:
1. if you use mariadb or mysql choose a root password for the database in `docker-compose.yml` behind `MYSQL_ROOT_PASSWORD=`
2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
4. start nextcloud with `docker-compose up -d`
If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
### with-nginx-proxy
The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine.
The advantage in adding this layer is the ability to add a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling.
This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal.
To use this example complete the following steps:
1. open `docker-compose.yml`
1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=`
2. enter a valid email behind `LETSENCRYPT_EMAIL=`
3. if you use mariadb or mysql choose a root password for the database behind `MYSQL_ROOT_PASSWORD=`
2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
4. start nextcloud with `docker-compose up -d`
If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.

97
.examples/docker-compose.yml
View File

@ -1,97 +0,0 @@
version: '2'
services:
proxy:
image: jwilder/nginx-proxy
container_name: proxy
ports:
- 80:80
- 443:443
volumes:
- ./proxy/conf.d:/etc/nginx/conf.d
- ./proxy/vhost.d:/etc/nginx/vhost.d
- ./proxy/html:/usr/share/nginx/html
- ./proxy/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
restart: always
letsencrypt-companion:
image: alastaircoote/docker-letsencrypt-nginx-proxy-companion
container_name: letsencrypt-companion
volumes_from:
- proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./proxy/certs:/etc/nginx/certs:rw
restart: always
web:
image: nginx
container_name: nextcloud_webserver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
links:
- app
- collabora
volumes_from:
- app
environment:
- VIRTUAL_HOST=${DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
- LETSENCRYPT_HOST=${DOMAIN}
- LETSENCRYPT_EMAIL=
networks:
- proxy-tier
restart: always
app:
image: nextcloud:fpm
container_name: nextcloud_fpm
links:
- db
volumes:
- ./nextcloud/apps:/var/www/html/apps
- ./nextcloud/config:/var/www/html/config
- ./nextcloud/data:/var/www/html/data
networks:
- proxy-tier
restart: always
db:
image: mariadb
container_name: db
volumes:
- ./nextcloud/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=
networks:
- proxy-tier
restart: always
redis:
image: redis
container_name: redis
networks:
- proxy-tier
restart: always
collabora:
image: collabora/code
container_name: collabora
cap_add:
- MKNOD
environment:
- domain=${DOMAIN}
networks:
- proxy-tier
restart: always
networks:
proxy-tier:
external:
name: nginx-proxy

3
.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:apache
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

3
.examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env Normal file
View File

@ -0,0 +1,3 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud

59
.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml Normal file
View File

@ -0,0 +1,59 @@
version: '3'
services:
db:
image: mariadb
# image: mysql
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- db.env
redis:
image: redis
restart: always
app:
build: ./app
restart: always
ports:
- 8080:80
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
env_file:
- db.env
depends_on:
- db
- redis
cron:
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html
user: www-data
entrypoint: |
bash -c 'bash -s <<EOF
trap "break;exit" SIGHUP SIGINT SIGTERM
while [ ! -f /var/www/html/config/config.php ]; do
sleep 1
done
while true; do
php -f /var/www/html/cron.php
sleep 15m
done
EOF'
depends_on:
- db
- redis
volumes:
db:
nextcloud:

3
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:fpm
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

3
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env Normal file
View File

@ -0,0 +1,3 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud

67
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml Normal file
View File

@ -0,0 +1,67 @@
version: '3'
services:
db:
image: mariadb
# image: mysql
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- db.env
redis:
image: redis
restart: always
app:
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
env_file:
- db.env
depends_on:
- db
- redis
web:
build: ./web
restart: always
ports:
- 8080:80
volumes:
- nextcloud:/var/www/html:ro
depends_on:
- app
cron:
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html
user: www-data
entrypoint: |
bash -c 'bash -s <<EOF
trap "break;exit" SIGHUP SIGINT SIGTERM
while [ ! -f /var/www/html/config/config.php ]; do
sleep 1
done
while true; do
php -f /var/www/html/cron.php
sleep 15m
done
EOF'
depends_on:
- db
- redis
volumes:
db:
nextcloud:

3
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

154
.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf Normal file
View File

@ -0,0 +1,154 @@
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server app:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

3
.examples/docker-compose/insecure/mariadb/apache/db.env Normal file
View File

@ -0,0 +1,3 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud

31
.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml Normal file
View File

@ -0,0 +1,31 @@
version: '3'
services:
db:
image: mariadb
# image: mysql
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- db.env
app:
image: nextcloud:apache
restart: always
ports:
- 8080:80
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
env_file:
- db.env
depends_on:
- db
volumes:
db:
nextcloud:

3
.examples/docker-compose/insecure/mariadb/fpm/db.env Normal file
View File

@ -0,0 +1,3 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud

39
.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml Normal file
View File

@ -0,0 +1,39 @@
version: '3'
services:
db:
image: mariadb
# image: mysql
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- db.env
app:
image: nextcloud:fpm
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
env_file:
- db.env
depends_on:
- db
web:
build: ./web
restart: always
ports:
- 8080:80
volumes:
- nextcloud:/var/www/html:ro
depends_on:
- app
volumes:
db:
nextcloud:

3
.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

154
.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf Normal file
View File

@ -0,0 +1,154 @@
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server app:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

3
.examples/docker-compose/insecure/postgres/apache/db.env Normal file
View File

@ -0,0 +1,3 @@
POSTGRES_PASSWORD=
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud

28
.examples/docker-compose/insecure/postgres/apache/docker-compose.yml Normal file
View File

@ -0,0 +1,28 @@
version: '3'
services:
db:
image: postgres
restart: always
volumes:
- db:/var/lib/postgresql/data
env_file:
- db.env
app:
image: nextcloud:apache
restart: always
ports:
- 8080:80
volumes:
- nextcloud:/var/www/html
environment:
- POSTGRES_HOST=db
env_file:
- db.env
depends_on:
- db
volumes:
db:
nextcloud:

3
.examples/docker-compose/insecure/postgres/fpm/db.env Normal file
View File

@ -0,0 +1,3 @@
POSTGRES_PASSWORD=
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud

36
.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml Normal file
View File

@ -0,0 +1,36 @@
version: '3'
services:
db:
image: postgres
restart: always
volumes:
- db:/var/lib/postgresql/data
env_file:
- db.env
app:
image: nextcloud:fpm
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- POSTGRES_HOST=db
env_file:
- db.env
depends_on:
- db
web:
build: ./web
restart: always
ports:
- 8080:80
volumes:
- nextcloud:/var/www/html:ro
depends_on:
- app
volumes:
db:
nextcloud:

3
.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

154
.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf Normal file
View File

@ -0,0 +1,154 @@
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server app:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:apache
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env Normal file
View File

@ -0,0 +1,3 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud

102
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml Normal file
View File

@ -0,0 +1,102 @@
version: '3'
services:
db:
image: mariadb
# image: mysql
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- db.env
redis:
image: redis
restart: always
app:
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- VIRTUAL_HOST=
- LETSENCRYPT_HOST=
- LETSENCRYPT_EMAIL=
environment:
- MYSQL_HOST=db
env_file:
- db.env
depends_on:
- db
- redis
networks:
- proxy-tier
- default
cron:
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html
user: www-data
entrypoint: |
bash -c 'bash -s <<EOF
trap "break;exit" SIGHUP SIGINT SIGTERM
while [ ! -f /var/www/html/config/config.php ]; do
sleep 1
done
while true; do
php -f /var/www/html/cron.php
sleep 15m
done
EOF'
depends_on:
- db
- redis
proxy:
build: ./proxy
restart: always
ports:
- 80:80
- 443:443
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- certs:/etc/nginx/certs:ro
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
letsencrypt-companion:
image: jrcs/letsencrypt-nginx-proxy-companion
restart: always
volumes:
- certs:/etc/nginx/certs
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- proxy-tier
depends_on:
- proxy
volumes:
db:
nextcloud:
certs:
conf.d:
vhost.d:
html:
networks:
proxy-tier:

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM jwilder/nginx-proxy:alpine
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

1
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf Normal file
View File

@ -0,0 +1 @@
client_max_body_size 10G;

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:fpm
COPY redis.config.php /usr/src/nextcloud/config/redis.config.php

8
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/redis.config.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$CONFIG = array (
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'redis',
'port' => 6379,
),
);

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env Normal file
View File

@ -0,0 +1,3 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud

110
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml Normal file
View File

@ -0,0 +1,110 @@
version: '3'
services:
db:
image: mariadb
# image: mysql
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- db.env
redis:
image: redis
restart: always
app:
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
env_file:
- db.env
depends_on:
- db
- redis
web:
build: ./web
restart: always
volumes:
- nextcloud:/var/www/html:ro
environment:
- VIRTUAL_HOST=
- LETSENCRYPT_HOST=
- LETSENCRYPT_EMAIL=
depends_on:
- app
networks:
- proxy-tier
- default
cron:
build: ./app
restart: always
volumes:
- nextcloud:/var/www/html
user: www-data
entrypoint: |
bash -c 'bash -s <<EOF
trap "break;exit" SIGHUP SIGINT SIGTERM
while [ ! -f /var/www/html/config/config.php ]; do
sleep 1
done
while true; do
php -f /var/www/html/cron.php
sleep 15m
done
EOF'
depends_on:
- db
- redis
proxy:
build: ./proxy
restart: always
ports:
- 80:80
- 443:443
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- certs:/etc/nginx/certs:ro
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
letsencrypt-companion:
image: jrcs/letsencrypt-nginx-proxy-companion
restart: always
volumes:
- certs:/etc/nginx/certs
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- proxy-tier
depends_on:
- proxy
volumes:
db:
nextcloud:
certs:
conf.d:
vhost.d:
html:
networks:
proxy-tier:

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM jwilder/nginx-proxy:alpine
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

1
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf Normal file
View File

@ -0,0 +1 @@
client_max_body_size 10G;

3
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

154
.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf Normal file
View File

@ -0,0 +1,154 @@
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server app:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

3
.examples/docker-compose/with-nginx-proxy/mariadb/apache/db.env Normal file
View File

@ -0,0 +1,3 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud

74
.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml Normal file
View File

@ -0,0 +1,74 @@
version: '3'
services:
db:
image: mariadb
# image: mysql
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- db.env
app:
image: nextcloud:apache
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- VIRTUAL_HOST=
- LETSENCRYPT_HOST=
- LETSENCRYPT_EMAIL=
environment:
- MYSQL_HOST=db
env_file:
- db.env
depends_on:
- db
networks:
- proxy-tier
- default
proxy:
build: ./proxy
restart: always
ports:
- 80:80
- 443:443
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- certs:/etc/nginx/certs:ro
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
letsencrypt-companion:
image: jrcs/letsencrypt-nginx-proxy-companion
restart: always
volumes:
- certs:/etc/nginx/certs
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- proxy-tier
depends_on:
- proxy
volumes:
db:
nextcloud:
certs:
conf.d:
vhost.d:
html:
networks:
proxy-tier:

3
.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM jwilder/nginx-proxy:alpine
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

1
.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf Normal file
View File

@ -0,0 +1 @@
client_max_body_size 10G;

3
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/db.env Normal file
View File

@ -0,0 +1,3 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud

82
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml Normal file
View File

@ -0,0 +1,82 @@
version: '3'
services:
db:
image: mariadb
# image: mysql
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
env_file:
- db.env
app:
image: nextcloud:fpm
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_HOST=db
env_file:
- db.env
depends_on:
- db
web:
build: ./web
restart: always
volumes:
- nextcloud:/var/www/html:ro
environment:
- VIRTUAL_HOST=
- LETSENCRYPT_HOST=
- LETSENCRYPT_EMAIL=
depends_on:
- app
networks:
- proxy-tier
- default
proxy:
build: ./proxy
restart: always
ports:
- 80:80
- 443:443
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- certs:/etc/nginx/certs:ro
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
letsencrypt-companion:
image: jrcs/letsencrypt-nginx-proxy-companion
restart: always
volumes:
- certs:/etc/nginx/certs
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- proxy-tier
depends_on:
- proxy
volumes:
db:
nextcloud:
certs:
conf.d:
vhost.d:
html:
networks:
proxy-tier:

3
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM jwilder/nginx-proxy:alpine
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

1
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf Normal file
View File

@ -0,0 +1 @@
client_max_body_size 10G;

3
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

154
.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf Normal file
View File

@ -0,0 +1,154 @@
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server app:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

3
.examples/docker-compose/with-nginx-proxy/postgres/apache/db.env Normal file
View File

@ -0,0 +1,3 @@
POSTGRES_PASSWORD=
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud

71
.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml Normal file
View File

@ -0,0 +1,71 @@
version: '3'
services:
db:
image: postgres
restart: always
volumes:
- db:/var/lib/postgresql/data
env_file:
- db.env
app:
image: nextcloud:apache
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- VIRTUAL_HOST=
- LETSENCRYPT_HOST=
- LETSENCRYPT_EMAIL=
environment:
- POSTGRES_HOST=db
env_file:
- db.env
depends_on:
- db
networks:
- proxy-tier
- default
proxy:
build: ./proxy
restart: always
ports:
- 80:80
- 443:443
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- certs:/etc/nginx/certs:ro
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
letsencrypt-companion:
image: jrcs/letsencrypt-nginx-proxy-companion
restart: always
volumes:
- certs:/etc/nginx/certs
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- proxy-tier
depends_on:
- proxy
volumes:
db:
nextcloud:
certs:
conf.d:
vhost.d:
html:
networks:
proxy-tier:

3
.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM jwilder/nginx-proxy:alpine
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

1
.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf Normal file
View File

@ -0,0 +1 @@
client_max_body_size 10G;

3
.examples/docker-compose/with-nginx-proxy/postgres/fpm/db.env Normal file
View File

@ -0,0 +1,3 @@
POSTGRES_PASSWORD=
POSTGRES_DB=nextcloud
POSTGRES_USER=nextcloud

80
.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml Normal file
View File

@ -0,0 +1,80 @@
version: '3'
services:
db:
image: postgres
restart: always
volumes:
- db:/var/lib/postgresql/data
env_file:
- db.env
app:
image: nextcloud:fpm
restart: always
volumes:
- nextcloud:/var/www/html
environment:
- POSTGRES_HOST=db
env_file:
- db.env
depends_on:
- db
web:
build: ./web
restart: always
volumes:
- nextcloud:/var/www/html:ro
environment:
- VIRTUAL_HOST=
- LETSENCRYPT_HOST=
- LETSENCRYPT_EMAIL=
depends_on:
- app
networks:
- proxy-tier
- default
proxy:
build: ./proxy
restart: always
ports:
- 80:80
- 443:443
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- certs:/etc/nginx/certs:ro
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
letsencrypt-companion:
image: jrcs/letsencrypt-nginx-proxy-companion
restart: always
volumes:
- certs:/etc/nginx/certs
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- proxy-tier
depends_on:
- proxy
volumes:
db:
nextcloud:
certs:
conf.d:
vhost.d:
html:
networks:
proxy-tier:

3
.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM jwilder/nginx-proxy:alpine
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

1
.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf Normal file
View File

@ -0,0 +1 @@
client_max_body_size 10G;

3
.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

154
.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf Normal file
View File

@ -0,0 +1,154 @@
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server app:9000;
}
server {
listen 80;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
}

13
.examples/dockerfiles/cron/apache/Dockerfile Normal file
View File

@ -0,0 +1,13 @@
FROM nextcloud:apache
RUN apt-get update && apt-get install -y \
supervisor \
cron \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir /var/log/supervisord /var/run/supervisord && \
echo "*/15 * * * * su - www-data -s /bin/bash -c \"php -f /var/www/html/cron.php\""| crontab -
COPY supervisord.conf /etc/supervisor/supervisord.conf
CMD ["/usr/bin/supervisord"]

22
.examples/dockerfiles/cron/apache/supervisord.conf Normal file
View File

@ -0,0 +1,22 @@
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB ; maximum size of logfile before rotation
logfile_backups=10 ; number of backed up logfiles
loglevel=error
[program:apache2]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=apache2-foreground
[program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=cron -f

0
.examples/Dockerfile.cron → .examples/dockerfiles/cron/fpm/Dockerfile
View File

0
.examples/supervisord.conf → .examples/dockerfiles/cron/fpm/supervisord.conf
View File

1
.examples/Dockerfile.imap → .examples/dockerfiles/imap/apache/Dockerfile
View File

@ -1,4 +1,5 @@
FROM nextcloud:apache
RUN apt-get update \
&& apt-get install -y libc-client-dev libkrb5-dev \
&& rm -rf /var/lib/apt/lists/* \

7
.examples/dockerfiles/imap/fpm/Dockerfile Normal file
View File

@ -0,0 +1,7 @@
FROM nextcloud:fpm
RUN apt-get update \
&& apt-get install -y libc-client-dev libkrb5-dev \
&& rm -rf /var/lib/apt/lists/* \
&& docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
&& docker-php-ext-install imap

1
.examples/Dockerfile.smb → .examples/dockerfiles/smb/apache/Dockerfile
View File

@ -1,2 +1,3 @@
FROM nextcloud:apache
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*

3
.examples/dockerfiles/smb/fpm/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nextcloud:fpm
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*

110
.examples/nginx.conf
View File

@ -1,110 +0,0 @@
user www-data;
events {
worker_connections 768;
}
http {
upstream backend {
server app:9000;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
client_max_body_size 10G; # 0=unlimited - set max upload size
fastcgi_buffers 64 4K;
gzip off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass backend;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
# collabora static files
location ^~ /loleaflet {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# collabora WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# collabora websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass https://collabora:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
}

1
.travis.yml
View File

@ -20,6 +20,7 @@ before_script:
script:
- travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
- ~/official-images/test/run.sh "$image"
- .travis/test-example-dockerfiles.sh "$image"
after_script:
- docker images

19
.travis/test-example-dockerfiles.sh Executable file
View File

@ -0,0 +1,19 @@
#!/bin/bash
set -e
image="$1"
cd .examples/dockerfiles
dirs=( */ )
dirs=( "${dirs[@]%/}" )
for dir in "${dirs[@]}"; do
if [ -d "$dir/$VARIANT" ]; then
(
cd "$dir/$VARIANT"
sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile'
docker build -t "$image-$dir" .
~/official-images/test/run.sh "$image-$dir"
)
fi
done