Delmar/docker_dev
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updates

Browse Source
This commit is contained in:
Julieñ
2025-11-17 18:51:08 +01:00
parent 14d6f9aa73
commit 7fb0d2212a
318 changed files with 35761 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
nextcloud-aio/Containers/apache/Caddyfile Normal file
View File

@@ -0,0 +1,75 @@
{
auto_https disable_redirects
storage file_system {
root /mnt/data/caddy
}
servers {
# trusted_proxies placeholder
}
log {
level ERROR
}
}
https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see containers.json
{$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
header -Server
header -X-Powered-By
# Collabora
route /browser/* {
reverse_proxy {$COLLABORA_HOST}:9980
}
route /hosting/* {
reverse_proxy {$COLLABORA_HOST}:9980
}
route /cool/* {
reverse_proxy {$COLLABORA_HOST}:9980
}
# Notify Push
route /push/* {
uri strip_prefix /push
reverse_proxy {$NOTIFY_PUSH_HOST}:7867
}
# Onlyoffice
route /onlyoffice/* {
uri strip_prefix /onlyoffice
reverse_proxy {$ONLYOFFICE_HOST}:80 {
header_up X-Forwarded-Host {http.request.hostport}/onlyoffice
header_up X-Forwarded-Proto https
}
}
# Talk
route /standalone-signaling/* {
uri strip_prefix /standalone-signaling
reverse_proxy {$TALK_HOST}:8081
}
# Whiteboard
route /whiteboard/* {
uri strip_prefix /whiteboard
reverse_proxy {$WHITEBOARD_HOST}:3002
}
# Nextcloud
route {
header Strict-Transport-Security max-age=31536000;
reverse_proxy 127.0.0.1:8000
}
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
# TLS options
tls {
issuer acme {
disable_http_challenge
}
}
}

91
nextcloud-aio/Containers/apache/Dockerfile Normal file
View File

@@ -0,0 +1,91 @@
# syntax=docker/dockerfile:latest
FROM caddy:2.10.2-alpine AS caddy
# From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
FROM httpd:2.4.65-alpine3.22
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
COPY --chown=33:33 Caddyfile /Caddyfile
COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
COPY --chmod=664 supervisord.conf /supervisord.conf
COPY --chmod=775 start.sh /start.sh
COPY --chmod=775 healthcheck.sh /healthcheck.sh
VOLUME /mnt/data
RUN set -ex; \
apk upgrade --no-cache -a; \
apk add --no-cache shadow; \
groupmod -g 33 www-data; \
usermod -u 33 -g 33 www-data; \
apk del --no-cache shadow; \
\
mkdir -p /mnt/data; \
chown -R www-data:www-data /mnt/data; \
chown -R 777 /tmp; \
\
apk add --no-cache \
bash \
supervisor \
tzdata \
ca-certificates \
openssl \
bind-tools \
netcat-openbsd; \
\
sed -i \
-e '/^Listen /d' \
-e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
-e 's/^#\(LoadModule .*mod_brotli.so\)/\1/' \
-e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
-e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
-e 's/\(ScriptAlias \)/#\1/' \
/usr/local/apache2/conf/httpd.conf; \
echo "Include conf/nextcloud.conf" | tee -a /usr/local/apache2/conf/httpd.conf; \
echo "ServerName localhost" | tee -a /usr/local/apache2/conf/httpd.conf; \
# Sync this with max db connections and pm.max_children
# We don't actually expect so many workers but don't want to limit it artificially because people will report issues otherwise.
sed -i 's|MaxRequestWorkers.*|MaxRequestWorkers 5000|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
grep -q '<IfModule mpm_event_module>' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
# ServerLimit needs to be set to MaxRequestWorkers divided by ThreadsPerChild which is set to 25 by default
sed -i '/<IfModule mpm_event_module>/a\ \ \ \ ServerLimit 200' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
\
rm -rf /usr/local/apache2/conf/original /var/www; \
mkdir -p /var/www; \
chown -R www-data:www-data /var/www; \
\
mkdir /var/log/supervisord; \
mkdir /var/run/supervisord; \
chown www-data:www-data /var/run/supervisord; \
chown www-data:www-data /var/log/supervisord; \
chmod 777 /var/run/supervisord; \
chmod 777 /var/log/supervisord; \
\
chown -R www-data:www-data /usr/local/apache2; \
chmod +r -R /usr/local/apache2; \
mkdir -p /usr/local/apache2/logs; \
chmod 777 -R /home/www-data; \
chmod 777 -R /usr/local/apache2/logs; \
rm -rf /usr/local/apache2/cgi-bin/; \
\
echo "root:$(openssl rand -base64 12)" | chpasswd
USER 33
ENTRYPOINT ["/start.sh"]
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
org.label-schema.vendor="Nextcloud"

5
nextcloud-aio/Containers/apache/healthcheck.sh Normal file
View File

@@ -0,0 +1,5 @@
#!/bin/bash
nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
nc -z 127.0.0.1 8000 || exit 1
nc -z 127.0.0.1 "$APACHE_PORT" || exit 1

54
nextcloud-aio/Containers/apache/nextcloud.conf Normal file
View File

@@ -0,0 +1,54 @@
Listen 8000
<VirtualHost *:8000>
ServerName localhost
# Add error log
CustomLog /proc/self/fd/1 proxy
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
ErrorLog /proc/self/fd/2
ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
LogLevel warn
# PHP match
<FilesMatch "\.php$">
SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
</FilesMatch>
<Proxy "fcgi://${NEXTCLOUD_HOST}:9000" flushpackets=on>
</Proxy>
# Enable Brotli compression for js, css and svg files - other plain files are compressed by Nextcloud by default
<IfModule mod_brotli.c>
AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml
BrotliCompressionQuality 0
</IfModule>
# Nextcloud dir
DocumentRoot /var/www/html/
<Directory /var/www/html/>
Options Indexes FollowSymLinks
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
Satisfy Any
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
# Deny access to .ht files
<Files ".ht*">
Require all denied
</Files>
# See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
LimitRequestBody ${APACHE_MAX_SIZE}
# See https://httpd.apache.org/docs/current/mod/core.html#timeout
Timeout ${APACHE_MAX_TIME}
# See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
ProxyTimeout ${APACHE_MAX_TIME}
# See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
TraceEnable Off
</VirtualHost>

77
nextcloud-aio/Containers/apache/start.sh Normal file
View File

@@ -0,0 +1,77 @@
#!/bin/bash
if [ -z "$NC_DOMAIN" ]; then
echo "NC_DOMAIN and NEXTCLOUD_HOST need to be provided. Exiting!"
exit 1
fi
# Need write access to /mnt/data
if ! [ -w /mnt/data ]; then
echo "Cannot write to /mnt/data"
exit 1
fi
# Only start container if nextcloud is accessible
while ! nc -z "$NEXTCLOUD_HOST" 9000; do
echo "Waiting for Nextcloud to start..."
sleep 5
done
# Get ipv4-address of Apache
# shellcheck disable=SC2153
IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1)"
# Bring it in CIDR notation
# shellcheck disable=SC2001
IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')"
if [ -z "$APACHE_PORT" ]; then
export APACHE_PORT="443"
fi
# Change variables in case of reverse proxies
if [ "$APACHE_PORT" != '443' ]; then
export PROTOCOL="http"
export NC_DOMAIN=""
else
export PROTOCOL="https"
fi
# Change the auto_https in case of reverse proxies
if [ "$APACHE_PORT" != '443' ]; then
CADDYFILE="$(sed 's|auto_https.*|auto_https off|' /Caddyfile)"
else
CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
fi
echo "$CADDYFILE" > /tmp/Caddyfile
# Change the trusted_proxies in case of reverse proxies
if [ "$APACHE_PORT" != '443' ]; then
# Here the 100.64.0.0/10 range gets added which is the CGNAT range used by Tailscale nodes
# See https://github.com/nextcloud/all-in-one/pull/6703 for reference
CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges 100.64.0.0/10|' /tmp/Caddyfile)"
else
CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
fi
echo "$CADDYFILE" > /tmp/Caddyfile
# Remove additional domain if not given
if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
CADDYFILE="$(sed '/ADDITIONAL_TRUSTED_DOMAIN/d' /tmp/Caddyfile)"
fi
echo "$CADDYFILE" > /tmp/Caddyfile
# Fix the Caddyfile format
caddy fmt --overwrite /tmp/Caddyfile
# Add caddy path
mkdir -p /mnt/data/caddy/
# Fix caddy startup
if [ -d "/mnt/data/caddy/locks" ]; then
rm -rf /mnt/data/caddy/locks/*
fi
# Fix apache startup
rm -f /usr/local/apache2/logs/httpd.pid
exec "$@"

23
nextcloud-aio/Containers/apache/supervisord.conf Normal file
View File

@@ -0,0 +1,23 @@
[supervisord]
nodaemon=true
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB
logfile_backups=10
loglevel=error
[program:apache]
# Stdout logging is disabled as otherwise the logs are spammed
stdout_logfile=NONE
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=apachectl -DFOREGROUND
[program:caddy]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/usr/bin/caddy run --config /tmp/Caddyfile