From 00a85a19992c055c1efcd3f091fc30e808ecc2f3 Mon Sep 17 00:00:00 2001 From: Simon L Date: Tue, 8 Nov 2022 21:38:31 +0100 Subject: [PATCH] allow to add dependencies and php extensions into the Nextcloud container Signed-off-by: Simon L --- .github/workflows/nextcloud-update.yml | 4 ++-- Containers/mastercontainer/start.sh | 16 ++++++++++++++ Containers/nextcloud/Dockerfile | 2 -- Containers/nextcloud/start.sh | 28 +++++++++++++++++++++++++ docker-compose.yml | 2 ++ manual-install/update-yaml.sh | 2 ++ php/containers.json | 4 +++- php/src/Data/ConfigurationManager.php | 14 +++++++++++++ php/src/Docker/DockerActionManager.php | 4 ++++ readme.md | 10 +++++++++ tests/QA/060-environmental-variables.md | 2 ++ 11 files changed, 83 insertions(+), 5 deletions(-) diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index aa6814967bfa..a14a11e5e4ef 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -57,8 +57,8 @@ jobs: | sort -V \ | tail -1 )" - sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile - + sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version|" ./Containers/nextcloud/start.sh + # Nextcloud NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')" NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index c57b42078dae..1bcb7a924c27 100755 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh 
@@ -169,6 +169,22 @@ It is set to '$TRUSTED_CACERTS_DIR '." exit 1 fi fi +if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then + if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z _-]\+$"; then + echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value. +It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'. +It is set to '$NEXTCLOUD_ADDITIONAL_APKS'." + exit 1 + fi +fi +if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then + if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z _-]\+$"; then + echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value. +It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'. +It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'." + exit 1 + fi +fi # Check DNS resolution # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565 diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 5bd0a4b1733c..a4f9e4c1aff0 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -64,13 +64,11 @@ RUN set -ex; \ pecl install APCu-5.1.22; \ pecl install memcached-3.2.0; \ pecl install redis-5.3.7; \ - pecl install imagick-3.7.0; \ \ docker-php-ext-enable \ apcu \ memcached \ redis \ - imagick \ ; \ rm -r /tmp/pear; \ \ diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh index 851096abfd4e..b6a3c749cc8b 100644 --- a/Containers/nextcloud/start.sh +++ b/Containers/nextcloud/start.sh 
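Review bot: The allow-list `^[a-z _-]\+$` in both new checks accepts names that begin with a hyphen, and this commit's Containers/nextcloud/start.sh hands every name to `apk add "$app"` or `pecl install "$app"`, where a leading hyphen would be read as an option rather than a package name. `grep` also tests the value line by line, so a value containing a newline passes as soon as one of its lines matches. Checking the whole string with a `case` pattern and requiring each name to start with a letter closes both gaps. The two near-identical blocks can then share one helper, sketched below.

```shell
# Accept only space-separated names that start with a letter. A case
# pattern sees the whole value, so embedded newlines are rejected too.
is_valid_name_list() {
    case "$1" in
        *[!a-z\ _-]*) return 1 ;;
    esac
    # Splitting on whitespace is intended; the value holds no glob characters here.
    for token in $1; do
        case "$token" in
            [a-z]*) ;;
            *) return 1 ;;
        esac
    done
}
# … unchanged: the two if-blocks and their messages, with the grep test
#   replaced by `! is_valid_name_list "$NEXTCLOUD_ADDITIONAL_APKS"` (and
#   the PHP_EXTENSIONS counterpart) …
```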
@@ -36,6 +36,34 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then fi sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" +# Install additional dependencies +if [ -n "$ADDITIONAL_APKS" ]; then + if ! [ -f "/additional-apks-are-installed" ]; then + read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS" + for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do + apk add "$app" + done + fi + touch /additional-apks-are-installed +fi + +# Install additional php extensions +if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then + if ! [ -f "/additional-php-extensions-are-installed" ]; then + read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS" + for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do + if [ "$app" = imagick ]; then + pecl install imagick-3.7.0 + docker-php-ext-enable imagick + else + pecl install "$app" + docker-php-ext-enable "$app" + fi + done + fi + touch /additional-php-extensions-are-installed +fi + # Run original entrypoint if ! sudo -E -u www-data bash /entrypoint.sh; then exit 1 diff --git a/docker-compose.yml b/docker-compose.yml index f047f3417da6..dae844607b8d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
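Review bot: Both marker files are touched even when an install fails, because the exit status of `apk add` and `pecl install` is never checked and `touch` sits outside the loop. A start without network access would therefore be recorded as done and not retried for as long as the marker exists. Only imagick is pinned (`imagick-3.7.0`); every other extension is fetched as `pecl install "$app"`, so whatever release PECL serves at start time gets built and enabled, and pinning or at least logging the installed version would make that auditable. The script also uses `ADDITIONAL_APKS` and `ADDITIONAL_PHP_EXTENSIONS` as received, so it relies entirely on the mastercontainer check having run. The sketch shows the packages block with the status check; the extensions block needs the same two changes.

```shell
# Install additional dependencies
if [ -n "$ADDITIONAL_APKS" ] && ! [ -f "/additional-apks-are-installed" ]; then
    read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
    apks_ok=true
    for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
        if ! apk add "$app"; then
            echo "Could not install the additional package '$app'."
            apks_ok=false
        fi
    done
    # Mark as done only when everything installed, so a failed start is retried.
    if [ "$apks_ok" = true ]; then
        touch /additional-apks-are-installed
    fi
fi
# … unchanged apart from the same status check and marker handling: the PHP extensions block …
```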
@@ -28,6 +28,8 @@ services: # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature + # - NEXTCLOUD_ADDITIONAL_APKS=imagick # This allows to add additional packages to the Nextcloud container permanently. + # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588 diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index d8945f7b9126..1c495052ee05 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh 
@@ -75,6 +75,8 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com # TODO! Needs to be chang sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD= # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin # TODO! This is the timezone that your containers will use.|' sample.conf sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf +sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagick # This allows to add additional packages to the Nextcloud container permanently.|' sample.conf +sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf sed -i 's|=$|= # TODO! This needs to be a unique and good password!|' sample.conf cat sample.conf diff --git a/php/containers.json b/php/containers.json index 50fe1d1ed14b..0b78faf402ca 100644 --- a/php/containers.json +++ b/php/containers.json @@ -156,7 +156,9 @@ "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%", "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch", "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%", - "TRUSTED_CACERTS_DIR=%TRUSTED_CACERTS_DIR%" + "TRUSTED_CACERTS_DIR=%TRUSTED_CACERTS_DIR%", + "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%", + "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%" ], "maxShutdownTime": 10, "restartPolicy": "unless-stopped" diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index b1f3b56001c8..15e21eda6556 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php 
@@ -554,6 +554,20 @@ public function GetTrustedCacertsDir() : string { return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); } + public function GetNextcloudAdditionalApks() : string { + $envVariableName = 'NEXTCLOUD_ADDITIONAL_APKS'; + $configName = 'nextcloud_additional_apks'; + $defaultValue = ''; + return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue)); + } + + public function GetNextcloudAdditionalPhpExtensions() : string { + $envVariableName = 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'; + $configName = 'nextcloud_additional_php_extensions'; + $defaultValue = 'imagick'; + return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue)); + } + public function GetCollaboraSeccompPolicy() : string { $defaultString = '--o:security.seccomp='; if ($this->GetCollaboraSeccompDisabledState() !== 'true') { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 19fa478925fc..93e3f3d31c88 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -328,6 +328,10 @@ public function CreateContainer(Container $container) : void { $replacements[1] = $this->configurationManager->GetApacheMaxSize(); } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') { $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy(); + } elseif ($out[1] === '%NEXTCLOUD_ADDITIONAL_APKS%') { + $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks(); + } elseif ($out[1] === '%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%') { + $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions(); } else { $replacements[1] = $this->configurationManager->GetSecret($out[1]); } diff --git a/readme.md b/readme.md index 742e0fec0d20..06094ce22202 100644 --- a/readme.md +++ b/readme.md 
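Review bot: `GetNextcloudAdditionalApks()` and `GetNextcloudAdditionalPhpExtensions()` return the value after `trim()` only, with no check of its characters. The only allow-list in this commit is the shell test in Containers/mastercontainer/start.sh, which looks at the environment variable. Both getters also pass a config name to `GetEnvironmentalVariableOrConfig`, so a value that comes from the stored configuration would apparently reach `apk add` / `pecl install` in the Nextcloud container unchecked. Repeating the rule here keeps the two paths consistent, for example `if (!preg_match('/^[a-z][a-z _-]*$/', $value)) { return $defaultValue; }` before returning a non-empty value. A short docblock stating the accepted format and that an empty string means "nothing to install" would also help callers.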
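Review bot: The two new branches compare `$out[1]` with `'%NEXTCLOUD_ADDITIONAL_APKS%'` and `'%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%'`, while the neighbouring branch in the same chain compares against the bare name `'COLLABORA_SECCOMP_POLICY'`. If `$out[1]` holds the placeholder name without the percent signs, as that branch suggests, the new conditions never match and both placeholders fall through to `GetSecret($out[1])`. The container would then receive whatever `GetSecret` returns for that name instead of the configured list. The pattern that fills `$out` is outside the hunk, so this needs confirming. If it holds, the lines should read `} elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_APKS') {` and `} elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {`. `CreateContainer` starts and ends outside the hunk.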
@@ -446,6 +446,16 @@ If you get an error during the domain validation which states that your ip-addre ### How to run this with docker rootless? You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md) +### How to add packets permanently to the Nextcloud container? +Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require external dependencies. + +You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS=dependency1 dependency2` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer= + +### How to add PHP extensions permanently to the Nextcloud container? +Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require additional php extensions. + +You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick extension1 extension2` to the docker run command of the mastercontainer and customize the value to your fitting. 
It must be a string with small letters a-z, spaces and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well. + ### Huge docker logs When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/ diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md index 323c236e6270..80b4cd148218 100644 --- a/tests/QA/060-environmental-variables.md +++ b/tests/QA/060-environmental-variables.md @@ -14,5 +14,7 @@ - [ ] When starting the mastercontainer with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host. See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it. +- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed. +- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension. You can now continue with [070-timezone-change.md](./070-timezone-change.md)