Reverting back gitignore

Changes to cron version image
Version numbers back up
2022-11-13 00:51:03 +00:00 · 2022-11-12 12:53:29 +00:00 · 2022-11-11 22:04:50 +00:00 · 2022-11-11 17:26:15 +00:00 · 2022-11-11 17:18:42 +00:00 · 2022-11-09 09:48:22 +00:00
9 changed files with 88 additions and 15 deletions
--- a/.env.sample
+++ b/.env.sample
@ -1,6 +1,6 @@
 TYPE=nextcloud

-DOMAIN=nextcloud.example.com
+DOMAIN={{ .Domain }}
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.nextcloud.example.com`'
 LETS_ENCRYPT_ENV=production
@ -16,3 +16,8 @@ SECRET_DB_PASSWORD_VERSION=v1
 SECRET_ADMIN_PASSWORD_VERSION=v1

 EXTRA_VOLUME=/dev/null:/tmp/.dummy
+
+# X_FRAME_OPTIONS_ENABLED=1
+# X_FRAME_OPTIONS_ALLOW_FROM=embedding-site.example.org
+# APPS="calendar sociallogin onlyoffice"
+
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 /.envrc
+
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -1,5 +0,0 @@
-{
-    "shellcheck.customArgs": [
-        "--shell=bash"
-    ]
-}
--- a/README.md
+++ b/README.md
@ -166,3 +166,27 @@ Here is an example CSS config which hides the local login and makes space for a
 [nextcloud-docker]: https://hub.docker.com/_/nextcloud/
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
 [`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
+
+## Using [`previewgenerator`](https://github.com/nextcloud/previewgenerator) app
+
+> Beware, this appp has been known to not work...
+
+After you install, enable etc. then you need to run the generation (**warning**: it can take a long time!):
+
+```
+abra app run <domain> app bash -u www-data
+./occ preview:generate-all
+```
+
+To set up the cron to run again, there is [no clear solution in the context of
+containers](https://github.com/nextcloud/previewgenerator/issues/1). So, a
+pretty dodgy hack is to run it from the system directly:
+
+```
+root@foo.com /etc/cron.hourly $ cat foo-com-preview-generate 
+#!/bin/bash
+
+docker exec -u www-data $(docker ps -f name=foo_com_app -q) ./occ preview:pre-generate
+```
+
+This app will improve performance of image browsing at the cost of storage space.
--- a/abra.sh
+++ b/abra.sh
@ -1,6 +1,7 @@
 export FPM_TUNE_VERSION=v4
-export NGINX_CONF_VERSION=v2
+export NGINX_CONF_VERSION=v4
 export MY_CNF_VERSION=v4
+export ENTRYPOINT_VERSION=v2

 NC_APP_DIR="app:/var/www/html"

@ -12,6 +13,22 @@ sub_occ(){
  sub_app_run php /var/www/html/occ "$@"
 }

+run_occ(){
+    su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
+}
+
+install_apps(){
+    install_apps="$@"
+    if [ -z "$install_apps" ]
+    then
+        install_apps=$APPS
+    fi
+    for app in $install_apps
+    do
+        run_occ "app:install $app"
+    done
+}
+
 _backup_app() {
  # Copied _abra_backup_dir to make UX better on restore and backup
  {
--- a/compose.postgres.yml
+++ b/compose.postgres.yml
@ -2,7 +2,6 @@ version: '3.8'

 services:
  app:
-    entrypoint: "sh -c 'sleep 10 && /entrypoint.sh php-fpm'" # tries to mitigate this error with postgres https://github.com/nextcloud/docker/issues/1204
    environment:
      - POSTGRES_HOST=db
      - POSTGRES_DB=nextcloud
--- a/compose.yml
+++ b/compose.yml
@ -1,11 +1,13 @@
 version: "3.8"
 services:
  web:
-    image: nginx:1.21.6
+    image: nginx:1.22.1
    configs:
      - source: nginx_conf
        target: /etc/nginx/nginx.conf
    environment:
+      - X_FRAME_OPTIONS_ALLOW_FROM
+      - X_FRAME_OPTIONS_ENABLED
      - DOMAIN
      - STACK_NAME
    volumes:
@ -33,16 +35,23 @@ services:
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"

  app:
-    image: nextcloud:24.0.0-fpm
+    image: nextcloud:25.0.1-fpm
    depends_on:
      - db
    configs:
      - source: fpm_tune
        target: /usr/local/etc/php-fpm.d/fpm-tune.conf
+      - source: entrypoint
+        target: /custom-entrypoint.sh
+        mode: 555
+    entrypoint: /custom-entrypoint.sh
    secrets:
      - db_password
      - admin_password
    environment:
+      - APPS
+      - X_FRAME_OPTIONS_ALLOW_FROM
+      - X_FRAME_OPTIONS_ENABLED
      - DOMAIN
      - STACK_NAME
      - NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
@ -69,13 +78,12 @@ services:
        failure_action: rollback
        order: start-first
      labels:
-        - "coop-cloud.${STACK_NAME}.version=2.1.0+24.0.0-fpm"
+        - "coop-cloud.${STACK_NAME}.version=2.1.6+25.0.1-fpm"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"

-
  cron:
-    image: nextcloud:24.0.0-fpm
+    image: nextcloud:25.0.1-fpm
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
@ -87,7 +95,7 @@ services:
    entrypoint: /cron.sh

  cache:
-    image: redis:7.0.0-alpine
+    image: redis:7.0.5-alpine
    networks:
      - internal
    volumes:
@ -111,6 +119,7 @@ volumes:
  nextconfig:
  redis:

+
 configs:
  nginx_conf:
    name: ${STACK_NAME}_nginx_${NGINX_CONF_VERSION}
@ -119,6 +128,10 @@ configs:
  fpm_tune:
    name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION}
    file: fpm-tune.ini
+  entrypoint:
+    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
+    file: entrypoint.sh.tmpl
+    template_driver: golang

 networks:
  proxy:
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -0,0 +1,12 @@
+#!/bin/bash
+
+echo "Giving the db container some time to come up"; sleep 20
+# see this issue with postgres db https://github.com/nextcloud/docker/issues/1204
+
+{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
+if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Http/ContentSecurityPolicy.php) ]]; then
+    sed -i "91 a\\\t\t'{{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}', " lib/public/AppFramework/Http/ContentSecurityPolicy.php
+fi
+{{ end }}
+
+/entrypoint.sh php-fpm
--- a/nginx.conf.tmpl
+++ b/nginx.conf.tmpl
@ -41,6 +41,7 @@ http {
        # could take several months.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

+
        # set max upload size
        client_max_body_size 512M;
        fastcgi_buffers 64 4K;
@ -61,11 +62,17 @@ http {
        add_header Referrer-Policy                      "no-referrer"   always;
        add_header X-Content-Type-Options               "nosniff"       always;
        add_header X-Download-Options                   "noopen"        always;
-        add_header X-Frame-Options                      "SAMEORIGIN"    always;
        add_header X-Permitted-Cross-Domain-Policies    "none"          always;
        add_header X-Robots-Tag                         "none"          always;
        add_header X-XSS-Protection                     "1; mode=block" always;

+        {{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
+        add_header Content-Security-Policy              "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} {{ env "DOMAIN" }}";
+        {{ else }}
+        add_header X-Frame-Options                      "SAMEORIGIN"    always;
+        {{ end }}
+
+
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
Author	SHA1	Message	Date
javielico	8b138eac19	Reverting back gitignore	2022-11-13 00:51:03 +00:00
javielico	819378f3fb	Changes to cron version image	2022-11-12 12:53:29 +00:00
javielico	8dcc2925ea	Version numbers back up	2022-11-11 22:04:50 +00:00
javielico	2ec6f21dd1	Up version on Nginx and Nextcloud to stable	2022-11-11 17:26:15 +00:00
javielico	9a070231c7	Adding some more variables on ignore	2022-11-11 17:18:42 +00:00
decentral1se	63ce9a6fb9	Merge pull request 'Automatically install apps specified via env variable.' (#29 ) from auto_app_install into main Reviewed-on: coop-cloud/nextcloud#29	2022-11-09 09:48:22 +00:00
Moritz	827cb16964	abra.sh post-deployment command to install apps	2022-11-08 16:39:32 +01:00
Moritz	992992d678	Revert "Automatically install apps specified via env variable." for entrypoint.sh.tmpl This reverts commit 20f0a45baf110a6b5575b2403f6c8cd5dab714c8 for entrypoint.sh.tmpl	2022-11-08 15:41:37 +01:00
Moritz	20f0a45baf	Automatically install apps specified via env variable.	2022-11-08 12:31:24 +01:00
Philipp Rothmann	e996b5c057	chore: publish 2.1.4+24.0.6-fpm release	2022-10-13 17:12:29 +02:00
Philipp Rothmann	0aabef8f7b	let app container wait for db init	2022-10-13 16:58:10 +02:00
Philipp Rothmann	2be42d0a84	fix frame ancestors	2022-10-11 16:12:04 +02:00
Philipp Rothmann	e76454c4fd	.env.sample template domain	2022-09-13 16:37:55 +02:00
Philipp Rothmann	ec39fd5fed	chore: publish 2.1.3+24.0.5-fpm release	2022-09-13 15:44:24 +02:00
yksflip	16ad6c22ea	add headers to embed nextcloud in frame on external site (#28 ) This introduces new env variables to configure nextloud to be embedded via iframe on an external site. Setting X_FRAME_OPTIONS_ENABLED=1 will configure nginx and nextcloud to set X-Frame-Options and CSP headers to allow the domain configured in X_FRAME_OPTIONS_ALLOW_FROM. I created a PR because I'm not sure if this is helpful for other people or just a custom hack that bloats the recipe :D Co-authored-by: Philipp Rothmann <philipprothmann@posteo.de> Reviewed-on: coop-cloud/nextcloud#28	2022-09-02 14:32:04 +00:00
Philipp Rothmann	daa57eece9	chore: publish 2.1.2+24.0.3-fpm release	2022-08-04 18:39:44 +02:00
decentral1se	2ddf11728f	add note about broken-ness	2022-08-03 13:39:31 +03:00
decentral1se	71d15ef4df	fix typo	2022-08-03 11:51:35 +03:00
decentral1se	0d4f060e94	add note on previewgenerator	2022-08-03 11:50:15 +03:00
decentral1se	1e1977a2b4	chore: publish 2.1.1+24.0.2-fpm release	2022-07-14 10:51:54 +02:00