diff --git a/.gitignore b/.gitignore index 15b0752..37b4d93 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ -/data/app +/data/data /backup nextcloud.conf +db.env +cloud.env +docker-compose.override.yml diff --git a/README.md b/README.md index 25a5311..c6dd946 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,11 @@ # Nextcloud - [](https://paypal.me/pgollor) [](https://hub.docker.com/r/pgollor/nextcloud/) -- app: [](https://jenkins.pgollor.de/job/nextcloud-docker-app/) [](https://microbadger.com/images/pgollor/nextcloud:app-latest "Get your own image badge on microbadger.com") [](https://microbadger.com/images/pgollor/nextcloud:app-latest "Get your own version badge on microbadger.com") [](https://hub.docker.com/_/nextcloud/) +- app: [](https://jenkins.pgollor.de/job/nextcloud-docker-app-dev/) [](https://microbadger.com/images/pgollor/nextcloud:app-dev-latest "Get your own image badge on microbadger.com") [](https://microbadger.com/images/pgollor/nextcloud:app-dev-latest "Get your own version badge on microbadger.com") [](https://hub.docker.com/_/nextcloud/) - web: [](https://jenkins.pgollor.de/job/nextcloud-docker-web/) [](https://microbadger.com/images/pgollor/nextcloud:web-latest "Get your own image badge on microbadger.com") [](https://microbadger.com/images/pgollor/nextcloud:web-latest "Get your own version badge on microbadger.com") -Docker compose files for nextcloud +Docker compose files for nextcloud with database and redis container. +This compose set is designed fo rusing behing a revers proxy which handels the ssl certificates. ## Information @@ -19,6 +20,10 @@ ## Update hints +### 20 to 21 + +All containers and volumes are renamed. Make a full backup and restore it. Untestet now! + ### 14.0.4 to 14.0.16 If you get a database error for the `activity` table, please have a look at this [issue](https://github.com/nextcloud/activity/issues/309#issuecomment-436929111). diff --git a/backup.sh b/backup.sh index 7721b8e..9e7b1b3 100755 --- a/backup.sh 
+++ b/backup.sh @@ -1,12 +1,14 @@ #!/bin/bash +# project name (by default directory name of the compose project) +PROJECT_NAME=nextcloud # backup directory SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" backupDir=${SCRIPT_DIR}/backup # create directories -mkdir -p ${backupDir}/app +mkdir -p ${backupDir}/config mkdir -p ${backupDir}/docker-conf mkdir -p ${backupDir}/data mkdir -p ${backupDir}/db 
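Review bot: `PROJECT_NAME=nextcloud` is hard-coded although the added comment says the project name defaults to the compose directory name, so a checkout in a differently named directory makes the later `${PROJECT_NAME}_database` filter and the `${PROJECT_NAME}_app-vol-1` / `${PROJECT_NAME}_data-vol-1` mounts point at nothing. `docker run -v` creates a missing named volume on the fly, so in that case the script would archive empty volumes and still finish without an error. I would make the name overridable, `PROJECT_NAME="${COMPOSE_PROJECT_NAME:-nextcloud}"`, and stop early when `docker volume inspect "${PROJECT_NAME}_data-vol-1"` fails. The volume mounts themselves are in the next hunk; the script continues outside this one.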
@@ -14,21 +16,22 @@ # current date currentDate=$(date +"%Y-%m-%d_%H-%M-%S") -# backup mysql +# backup database dbFile="${backupDir}/db/${currentDate}.sql" -docker exec $(docker container ls -qf name=nextcloud-database) sh -c 'mysqldump --single-transaction=TRUE --lock-tables --default-character-set=utf8mb4 -uroot -p"${MYSQL_ROOT_PASSWORD}" ${MYSQL_DATABASE}' > ${dbFile} +docker exec $(docker container ls -qf name=${PROJECT_NAME}_database) sh -c 'mysqldump --single-transaction=TRUE --lock-tables --default-character-set=utf8mb4 -uroot -p"${MYSQL_ROOT_PASSWORD}" ${MYSQL_DATABASE}' > ${dbFile} sed -i "/^mysqldump: \\[Warning\\]/d" ${dbFile} tar -cj ${dbFile} -f "${dbFile}.tbz2" rm ${dbFile} -# backup app data as root because of permission problems -sudo tar -C data -I pbzip2 -pc app -f "${backupDir}/app/${currentDate}.tbz2" +# backup nextcloud conf directory as root because of permission problems +docker run --rm -v ${PROJECT_NAME}_app-vol-1:/volume -v "${backupDir}/config":/backup debian:buster-slim bash -c "cd /volume/config && tar -czf /backup/${currentDate}.tar ." &> /dev/null # backup data as root because of permission problems -#sudo tar -C data -I pbzip2 -pc data -f "${backupDir}/data/${currentDate}.tbz2" +docker run --rm -v ${PROJECT_NAME}_data-vol-1:/volume -v "${backupDir}/data":/backup debian:buster-slim bash -c "cd /volume && tar -czf /backup/${currentDate}.tar ." &> /dev/null -# backup config files -tar -pcj nextcloud.conf -f "${backupDir}/docker-conf/${currentDate}.tbz2" +# backup docker config files +tar -pcj nextcloud.conf db.env cloud.env -f "${backupDir}/docker-conf/${currentDate}.tbz2" # delete all files older 30 days find ${backupDir} -iname "*.tbz2" -type f -mtime +10 -exec rm {} \; > /dev/null + diff --git a/cloud.env.example b/cloud.env.example new file mode 100644 index 0000000..31c726c --- /dev/null +++ b/cloud.env.example @@ -0,0 +1,2 @@ +# admin user password +NEXTCLOUD_ADMIN_PASSWORD=changeme 
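Review bot: The two new `docker run … tar -czf /backup/${currentDate}.tar .` lines write gzip archives under a `.tar` name, and the retention line `find ${backupDir} -iname "*.tbz2" …` never matches them, so config and data backups accumulate until the disk fills. Name them `.tar.gz` and extend the cleanup to `\( -iname "*.tbz2" -o -iname "*.tar.gz" \)`. `&> /dev/null` with no exit-status check also hides a failed run, so drop the redirect or append `|| exit 1`. The config archive is read from `/volume/config` inside `app-vol-1`, but docker-compose.yml in this commit bind-mounts `./data/config` over that path, so the archive is probably empty and should be verified with a restore test. Since the docker-conf archive now carries `db.env` and `cloud.env`, set `umask 077` at the top of the script so the backups are not readable by other local users.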
diff --git a/db.env.example b/db.env.example
new file mode 100644
index 0000000..461e107
--- /dev/null
+++ b/db.env.example
@@ -0,0 +1,2 @@
+MYSQL_PASSWORD=changeme
+MYSQL_ROOT_PASSWORD=changeme
diff --git a/docker-compose.yml b/docker-compose.yml
index 884a9b2..c84a20d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,123 +1,84 @@ -version: '2.2' +version: '3' services: - nextcloud-app: - #build: ./docker/app - image: pgollor/nextcloud:app-latest + app: + image: pgollor/nextcloud:app-dev-latest + build: ./docker/app restart: always - mem_limit: 512m cpus: 1.5 - depends_on: - - nextcloud-database - - nextcloud-redis + env_file: + - db.env + - cloud.env environment: - - MYSQL_HOST=mysql + - MYSQL_HOST=db - MYSQL_DATABASE=cloud - MYSQL_USER=cloud - - MYSQL_PASSWORD=${NEXTCLOUD_DATABASE_PASSWORD} - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} - - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} - - NEXTCLOUD_DATA_DIR=/srv/data - REDIS_HOST=redis - TZ=${TZ} + - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS} + - OVERWRITEHOST=${NEXTCLOUD_OVERWRITEHOST} + - OVERWRITEPROTOCOL=https tmpfs: - /tmp + links: + - "database:db" volumes: - - ./data/app:/var/www/html - - ./data/data:/srv/data - networks: - nextcloud-network: - ipv4_address: ${NEXTCLOUD_IPV4_NETWORK:-172.22.5}.100 - aliases: - - app + - app-vol-1:/var/www/html + - data-vol-1:/var/www/html/data + - ./data/config:/var/www/html/config + depends_on: + - database + - redis - nextcloud-web: - #build: ./docker/web + web: image: pgollor/nextcloud:web-latest restart: always - mem_limit: 512m logging: driver: json-file ports: - "${NEXTCLOUD_WEB_BIND:-127.0.0.1}:${NEXTCLOUD_WEB_PORT:-8080}:80" volumes: - - ./data/app:/var/www/html:ro + - app-vol-1:/var/www/html:ro + links: + - "app:app" depends_on: - - nextcloud-app - networks: - nextcloud-network: - ipv4_address: ${NEXTCLOUD_IPV4_NETWORK:-172.22.5}.101 - aliases: - - web + - app - nextcloud-database: + database: image: mariadb restart: always - mem_limit: 1g command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW environment: - - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DATABASE_ROOT} - MYSQL_DATABASE=cloud - MYSQL_USER=cloud - - MYSQL_PASSWORD=${NEXTCLOUD_DATABASE_PASSWORD} + env_file: + - db.env volumes: - - nextcloud-db-vol-1:/var/lib/mysql/ - - 
./data/conf/mysql:/etc/mysql/conf.d/:ro + - db-vol-1:/var/lib/mysql/ + - ./data/mysql:/etc/mysql/conf.d/:ro tmpfs: - /tmp - networks: - nextcloud-network: - ipv4_address: ${NEXTCLOUD_IPV4_NETWORK:-172.22.5}.102 - aliases: - - mysql - nextcloud-redis: - mem_limit: 1g + redis: image: redis:alpine restart: always - networks: - nextcloud-network: - aliases: - - redis - nextcloud-cron: - #build: ./docker/app - image: pgollor/nextcloud:app-latest + cron: + image: pgollor/nextcloud:app-dev-latest restart: always volumes: - - ./data/app:/var/www/html - - ./data/data:/srv/data - user: www-data - mem_limit: 256m + - app-vol-1:/var/www/html + - data-vol-1:/var/www/html/data logging: driver: json-file - entrypoint: | - bash -c 'bash -s <<EOF - trap "break;exit" SIGHUP SIGINT SIGTERM - - while [ ! -f /var/www/html/config/config.php ]; do - sleep 1 - done - - while true; do - php -f /var/www/html/cron.php - sleep 15m - done - EOF' + entrypoint: /cron.sh depends_on: - - nextcloud-database - - nextcloud-redis - networks: - nextcloud-network: - -networks: - nextcloud-network: - driver: bridge - enable_ipv6: false - ipam: - driver: default - config: - - subnet: ${NEXTCLOUD_IPV4_NETWORK:-172.22.5}.0/24 + - database + - redis volumes: - nextcloud-db-vol-1: + db-vol-1: + app-vol-1: + data-vol-1: + diff --git a/docker/app/Dockerfile b/docker/app/Dockerfile index a0355ac..475afeb 100644 --- a/docker/app/Dockerfile +++ b/docker/app/Dockerfile @@ -1,4 +1,4 @@ -FROM nextcloud:17-fpm +FROM nextcloud:fpm ARG NV ARG VCS_REF 
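Review bot: The `app` service now loads `db.env` through `env_file`, and db.env.example in this commit defines `MYSQL_ROOT_PASSWORD` next to `MYSQL_PASSWORD`, so the PHP container that serves user requests receives the MariaDB root password in its environment where it previously got only the application user's password. Keep `db.env` to `MYSQL_PASSWORD` and move `MYSQL_ROOT_PASSWORD` into a second env file listed only under `database` (for example `db-root.env`; the name is a suggestion), adjusting generate_password.sh to match. The hunk also drops every `mem_limit` without a replacement, which leaves the containers uncapped on memory just as the app image gains ocrmypdf and ImageMagick, so consider restoring limits. `image: mariadb` and `app-dev-latest` are floating tags; pinning a version would make deployments reproducible.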
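Review bot: `FROM nextcloud:fpm` replaces the pinned `17-fpm` with a floating tag, so every rebuild can silently pull a new major release. Nextcloud upgrades are meant to go one major version at a time, and the README section added in this commit already says the 20 to 21 step is untested, so an unplanned jump is a real risk for existing data. Pin at least the major version this compose set is tested with, `FROM nextcloud:<major>-fpm`, or pin by digest for reproducible builds. The rest of the Dockerfile lies outside this hunk.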
@@ -9,12 +9,20 @@ RUN apt-get update && \ apt-get install -y --no-install-recommends \ + libgmp3-dev \ smbclient libsmbclient-dev \ - libbz2-dev + libbz2-dev \ + libmagickcore-6.q16-6-extra \ + ocrmypdf \ + imagemagick ghostscript RUN apt-get clean && rm -rf /var/lib/apt/lists/* RUN pecl install \ smbclient RUN docker-php-ext-install bz2 +RUN docker-php-ext-install gmp +RUN docker-php-ext-install bz2 +RUN docker-php-ext-install bcmath RUN docker-php-ext-enable smbclient +RUN sed -i '/domain="coder".*pattern="PDF"/c\<policy domain="coder" rights="read\|write" pattern="PDF" \/>' /etc/ImageMagick-6/policy.xml COPY redis.config.php /usr/src/nextcloud/config/redis.config.php diff --git a/generate_password.sh b/generate_password.sh index 7ff8759..e0819c8 100755 --- a/generate_password.sh +++ b/generate_password.sh @@ -1,15 +1,23 @@ #!/bin/bash -if [ ! -f "nextcloud.conf" ]; then - cp nextcloud.conf.example nextcloud.conf +if [ ! -f "db.env" ]; then + cp db.env.example db.env pw1=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28) pw2=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28) - pw3=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28) - sed -i "/^NEXTCLOUD_DATABASE_ROOT/c\\\NEXTCLOUD_DATABASE_ROOT=${pw1}" nextcloud.conf - sed -i "/^NEXTCLOUD_DATABASE_PASSWORD/c\\\NEXTCLOUD_DATABASE_PASSWORD=${pw2}" nextcloud.conf - sed -i "/^NEXTCLOUD_ADMIN_PASSWORD/c\\\NEXTCLOUD_ADMIN_PASSWORD=${pw3}" nextcloud.conf + sed -i "/^MYSQL_PASSWORD/c\\\MYSQL_PASSWORD=${pw1}" db.env + sed -i "/^MYSQL_ROOT_PASSWORD/c\\\MYSQL_ROOT_PASSWORD=${pw2}" db.env else - echo "File already exists!" + echo "db.env already exists!" +fi + +if [ ! -f "cloud.env" ]; then + cp cloud.env.example cloud.env + + pw1=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28) + + sed -i "/^NEXTCLOUD_ADMIN_PASSWORD/c\\\NEXTCLOUD_ADMIN_PASSWORD=${pw1}" cloud.env +else + echo "cloud.env already exists!" fi diff --git a/nextcloud.conf.example b/nextcloud.conf.example index bbe3689..cee84c6 100644 --- a/nextcloud.conf.example 
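Review bot: The added `sed` on `/etc/ImageMagick-6/policy.xml` re-enables the PDF coder with `read|write`, which Debian's stock policy sets to `none` because PDF handling is delegated to Ghostscript, and it does so in an image that processes user-uploaded files. If only previews or OCR input are needed, grant `rights="read"` instead, and put a comment above the line naming the feature that requires it so the exception can be removed later. The sed also succeeds silently when the pattern no longer matches, so a `grep -q` check after it would catch a changed policy file at build time. `RUN docker-php-ext-install bz2` is now present twice; the added copy can be dropped.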
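Review bot: `cp db.env.example db.env` and `cp cloud.env.example cloud.env` create the secret files with the caller's default umask, which on most systems leaves the database root and admin passwords readable by every local user. Add `umask 077` near the top of the script, or `chmod 600 db.env cloud.env` after the sed calls. The `sed … /c\` replacements do nothing when the key is missing from the example file, which leaves `changeme` in place; a final `grep -q changeme db.env cloud.env && exit 1` would catch that. Installations that already keep passwords in nextcloud.conf get fresh random values here rather than their existing ones, which looks like it would break the connection to an existing database and deserves a sentence in the README update hints.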
+++ b/nextcloud.conf.example @@ -9,20 +9,11 @@ # admin user name NEXTCLOUD_ADMIN_USER=admin -# admin user password -NEXTCLOUD_ADMIN_PASSWORD=changeme +# your primary domain +NEXTCLOUD_OVERWRITEHOST="cloud.example.com" -# ipv4 network (only first three bytes like: 172.22.5) -NEXTCLOUD_IPV4_NETWORK=172.22.5 - - -## database configuration -# mysql root user password -NEXTCLOUD_DATABASE_ROOT=changeme - -# database password -NEXTCLOUD_DATABASE_PASSWORD=changeme - +# comma seperated list of trusted domains +NEXTCLOUD_TRUSTED_DOMAINS="cloud.example.com c.example.com" ## Timezone one of /usr/share/zoneinfo TZ=Europe/Berlin
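Review bot: The comment added above `NEXTCLOUD_TRUSTED_DOMAINS` says "comma seperated list", but the example value `"cloud.example.com c.example.com"` is separated by a space, which as far as I know is the form the Nextcloud image's entrypoint expects. A user who follows the comment would end up with a single malformed trusted-domain entry and a rejected Host header on the second name. Change the comment to `# space separated list of trusted domains`. The surrounding double quotes may also be passed through literally by older docker-compose versions when this file is read as an env file, so unquoted values are safer if that applies here.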