forked from coop-cloud/nextcloud
Compare commits
1 Commits
3.0.1+25.0
...
embed_next
| Author | SHA1 | Date | |
|---|---|---|---|
| e8a8f636d0 |
@ -11,17 +11,11 @@ steps:
|
||||
purge: true
|
||||
deploy_key:
|
||||
from_secret: drone_ssh_swarm_test
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
DOMAIN: nextcloud.swarm-test.autonomic.zone
|
||||
STACK_NAME: nextcloud
|
||||
LETS_ENCRYPT_ENV: production
|
||||
ADMIN_USER: foobar
|
||||
FPM_TUNE_VERSION: v1
|
||||
NGINX_CONF_VERSION: v1
|
||||
MY_CNF_VERSION: v1
|
||||
ENTRYPOINT_VERSION: v1
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION: v1
|
||||
SECRET_ADMIN_PASSWORD_VERSION: v1
|
||||
|
||||
@ -19,5 +19,3 @@ EXTRA_VOLUME=/dev/null:/tmp/.dummy
|
||||
|
||||
# X_FRAME_OPTIONS_ENABLED=1
|
||||
# X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org
|
||||
# APPS="calendar sociallogin onlyoffice"
|
||||
|
||||
|
||||
124
abra.sh
124
abra.sh
@ -1,38 +1,106 @@
|
||||
#!/bin/bash
|
||||
|
||||
export FPM_TUNE_VERSION=v4
|
||||
export NGINX_CONF_VERSION=v4
|
||||
export NGINX_CONF_VERSION=v3
|
||||
export MY_CNF_VERSION=v4
|
||||
export ENTRYPOINT_VERSION=v2
|
||||
export ENTRYPOINT_VERSION=v1
|
||||
|
||||
run_occ(){
|
||||
su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
|
||||
NC_APP_DIR="app:/var/www/html"
|
||||
|
||||
sub_occ(){
|
||||
# shellcheck disable=SC2034
|
||||
abra__service_="app"
|
||||
# shellcheck disable=SC2034
|
||||
abra___user="www-data"
|
||||
sub_app_run php /var/www/html/occ "$@"
|
||||
}
|
||||
|
||||
install_apps(){
|
||||
install_apps="$@"
|
||||
if [ -z "$install_apps" ]
|
||||
then
|
||||
install_apps=$APPS
|
||||
fi
|
||||
for app in $install_apps
|
||||
do
|
||||
run_occ "app:install $app"
|
||||
done
|
||||
_backup_app() {
|
||||
# Copied _abra_backup_dir to make UX better on restore and backup
|
||||
{
|
||||
abra__src_="$1"
|
||||
abra__dst_="-"
|
||||
}
|
||||
|
||||
set_app_config(){
|
||||
APP=$1
|
||||
KEY=$2
|
||||
VALUE=$3
|
||||
run_occ "config:app:set $APP $KEY --value $VALUE"
|
||||
# shellcheck disable=SC2154
|
||||
FILENAME="$(basename "$1").tar"
|
||||
|
||||
debug "Copying '$1' to '$FILENAME'"
|
||||
|
||||
silence
|
||||
mkdir -p /tmp/abra
|
||||
sub_app_cp > /tmp/abra/$FILENAME
|
||||
unsilence
|
||||
}
|
||||
|
||||
install_bbb(){
|
||||
URL=$1 # https://talk.example.org/bigbluebutton/ (trailing slash!)
|
||||
SECRET=$2 # bbb secret key
|
||||
install_apps bbb
|
||||
set_app_config bbb app.navigation true
|
||||
set_app_config bbb api.url "$URL"
|
||||
set_app_config bbb api.secret "$SECRET"
|
||||
next_maintenance_on() {
|
||||
silence
|
||||
sub_occ maintenance:mode --on > /dev/null
|
||||
unsilence
|
||||
debug "Nextcloud maintenance mode enabled"
|
||||
}
|
||||
|
||||
next_maintenance_off() {
|
||||
silence
|
||||
sub_occ maintenance:mode --off > /dev/null
|
||||
unsilence
|
||||
debug "Nextcloud maintenance mode disabled"
|
||||
}
|
||||
|
||||
abra_backup_app() {
|
||||
# shellcheck disable=SC2154
|
||||
ARK_FILENAME="$ABRA_BACKUP_DIR/${abra__app_}_app_$(date +%F).tar.gz"
|
||||
# Cant be FILENAME as that gets changed by something
|
||||
next_maintenance_on
|
||||
_backup_app $NC_APP_DIR/config
|
||||
_backup_app $NC_APP_DIR/data
|
||||
_backup_app $NC_APP_DIR/themes
|
||||
# Combine archives
|
||||
tar -Af /tmp/abra/config.tar /tmp/abra/data.tar
|
||||
tar -Af /tmp/abra/config.tar /tmp/abra/themes.tar
|
||||
gzip /tmp/abra/config.tar -c > "$ARK_FILENAME"
|
||||
rm /tmp/abra/*.tar
|
||||
success "Backed up 'app' to $ARK_FILENAME"
|
||||
next_maintenance_off
|
||||
}
|
||||
|
||||
abra_backup_db() {
|
||||
next_maintenance_on
|
||||
_abra_backup_mysql "db" "nextcloud"
|
||||
next_maintenance_off
|
||||
}
|
||||
|
||||
abra_backup() {
|
||||
abra_backup_app && abra_backup_db
|
||||
}
|
||||
|
||||
|
||||
abra_restore_app() {
|
||||
next_maintenance_on
|
||||
# shellcheck disable=SC2034
|
||||
{
|
||||
abra__src_="-"
|
||||
abra__dst_=$NC_APP_DIR
|
||||
}
|
||||
|
||||
zcat "$@" | sub_app_cp
|
||||
|
||||
next_maintenance_off
|
||||
sub_occ files:scan --all > /dev/null # Needs to be run in normal mode
|
||||
success "Restored 'app'"
|
||||
}
|
||||
|
||||
# abra_restore_db() {
|
||||
# warning "Restoring the database is on a existing app and not a new one has not been tested. Use with caution."
|
||||
# next_maintenance_on
|
||||
# # 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we
|
||||
# # got this far..
|
||||
|
||||
# # shellcheck disable=SC2034
|
||||
# abra___no_tty="true"
|
||||
|
||||
# DB_PASSWORD=$(sub_app_run cat /run/secrets/db_password)
|
||||
|
||||
# zcat "$@" | sub_app_run mysql -u root -p"$DB_PASSWORD" wordpress
|
||||
|
||||
# success "Restored 'db'"
|
||||
# next_maintenance_off
|
||||
# }
|
||||
|
||||
@ -2,6 +2,7 @@ version: '3.8'
|
||||
|
||||
services:
|
||||
app:
|
||||
entrypoint: "sh -c 'sleep 10 && /entrypoint.sh php-fpm'" # tries to mitigate this error with postgres https://github.com/nextcloud/docker/issues/1204
|
||||
environment:
|
||||
- POSTGRES_HOST=db
|
||||
- POSTGRES_DB=nextcloud
|
||||
|
||||
13
compose.yml
13
compose.yml
@ -1,7 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
web:
|
||||
image: nginx:1.23.2
|
||||
image: nginx:1.23.1
|
||||
configs:
|
||||
- source: nginx_conf
|
||||
target: /etc/nginx/nginx.conf
|
||||
@ -35,7 +35,7 @@ services:
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
|
||||
app:
|
||||
image: nextcloud:25.0.1-fpm
|
||||
image: nextcloud:24.0.3-fpm
|
||||
depends_on:
|
||||
- db
|
||||
configs:
|
||||
@ -49,7 +49,6 @@ services:
|
||||
- db_password
|
||||
- admin_password
|
||||
environment:
|
||||
- APPS
|
||||
- X_FRAME_OPTIONS_ALLOW_FROM
|
||||
- X_FRAME_OPTIONS_ENABLED
|
||||
- DOMAIN
|
||||
@ -78,12 +77,12 @@ services:
|
||||
failure_action: rollback
|
||||
order: start-first
|
||||
labels:
|
||||
- "coop-cloud.${STACK_NAME}.version=3.0.1+25.0.1-fpm"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.1.2+24.0.3-fpm"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
|
||||
|
||||
cron:
|
||||
image: nextcloud:25.0.1-fpm
|
||||
image: nextcloud:24.0.3-fpm
|
||||
volumes:
|
||||
- nextcloud:/var/www/html/
|
||||
- nextapps:/var/www/html/custom_apps:cached
|
||||
@ -95,7 +94,7 @@ services:
|
||||
entrypoint: /cron.sh
|
||||
|
||||
cache:
|
||||
image: redis:7.0.5-alpine
|
||||
image: redis:7.0.4-alpine
|
||||
networks:
|
||||
- internal
|
||||
volumes:
|
||||
@ -107,7 +106,7 @@ secrets:
|
||||
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||
admin_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
|
||||
|
||||
@ -1,8 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "Giving the db container some time to come up"; sleep 20
|
||||
# see this issue with postgres db https://github.com/nextcloud/docker/issues/1204
|
||||
|
||||
{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
|
||||
if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Http/ContentSecurityPolicy.php) ]]; then
|
||||
sed -i "91 a\\\t\t'{{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}', " lib/public/AppFramework/Http/ContentSecurityPolicy.php
|
||||
|
||||
@ -67,7 +67,8 @@ http {
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
|
||||
add_header Content-Security-Policy "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} {{ env "DOMAIN" }}";
|
||||
add_header X-Frame-Options "{{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}" always;
|
||||
add_header Content-Security-Policy "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}";
|
||||
{{ else }}
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
{{ end }}
|
||||
|
||||
Reference in New Issue
Block a user