jchaney / owncloud Goto Github PK

Hi,

First, thank for this good docker image. It is very useful!
I get a warning in my admin panel and in /var/log/cron/owncloud.log :

PHP is configured to populate raw post data. Since PHP 5.6 this will lead to PHP throwing notices for perfectly valid code.
To fix this issue set <code>always_populate_raw_post_data</code> to <code>-1</code> in your php.ini

If I do what it is asked, the warning disappear. Could you fix that in the image ?

Thanks in advance.

For security reason if changed the https port of my OwnCloud instance. After then the Android app DavDroid and the Linux OwnCloud client have some connection issues.

After i changed the port in Makefile line 82 from --publish $(docker_owncloud_https_port):443 \ to --publish $(docker_owncloud_https_port):12345 \ and in configs/nginx_ssl.conf line 62 from listen [::]:443 ssl spdy default_server ipv6only=off; to listen [::]:12345 ssl spdy default_server ipv6only=off; DavDroid and the OwnCloud client finally work.

I did not create a pull request because i have no idea how to manipulate nginx_ssl.conf on the fly. (And sorry for my bad english ;) )

Seems the NextCloud fork is doing great and will probably replace ownCloud in the near future. However, I as the maintainer of this image will stay with ownCloud for this image. However, I recommend that you check out NextCloud when you do a new deployment. If someone wants to support NextCloud using this Docker image as a base source, please go for it! I would recommend to create a fork of this repository and then maintain it there separately.

For now, I am continuing to maintain this image but when I am setting up new ownCloud/NextCloud instances I use DebOps (see under Related projects).

Related to: debops/ansible-owncloud#45

See #10 (comment)

To avoid the case where a user with admin permissions in ownCloud updates the container and on next redeployment of the container the instance might be downgraded. The official docker image for ownCloud solves this problem by making the ownCloud setup president. This will not be done for this image.

Example warning: 'Downgrading is not supported and is likely to cause unpredictable issues (from 8.2.1.4 to 8.1.4.2)'

Hi,
I'm trying to use your docker by pulling it directly from github, but after a make owncloud-production, the docker seems to start, then disappears from docker ps.

Did I miss something ?

Thanks !

Debian is the recommended base image for Docker. See https://docs.docker.com/articles/dockerfile_best-practices/#from

Any thoughts?

@jchaney @silvio
I would like to put this project under a FOSS license specifically AGPLv3
http://www.gnu.org/licenses/agpl-3.0.de.html
What do you think?

???make the choice about that configurable???

I love what you've done here, and would like to use the image, but I don't see any easy way to store the data outside of the container or anything designating a volume inside the container which would cause the data to persist; this seems to mean that you can't ever upgrade the container.

Am I missing something?

Users should not need to wait until I have tested a new ownCloud release. I would like to use https://docs.docker.com/docker-hub/builds/#create-an-automated-build and at least support a few stable releases. @jchaney Can you set that up?

I was curious how ssllabs would rate my brand new owncloud server. So I
tested it and initially got a B rating. The best improvement was to add a stronger (4096 bit) prime for diffie-hellman keyexchange.
So after a couple of small changes, i got it running and have a A+ rating now.
You can see what i did here, 3 lines basically.
It takes a while to build the image now, since I am generating the prime (which takes forever) in the Dockerfile.
So it is probably better to add a precalculated prime like rfc3526.

This might be something to discuss.

Hi, I'm new using CoreOs and don't know how user make...
*Some idea? *
Thanks in advance,

Since docker is phasing out --link in favor of docker network, is there an environmental variable for telling the owncloud container the address of my existing mysql container? For example, the official wordpress container has a WORDPRESS_DB_HOST variable.

Is it possible to recover MariaDB root password?

I launch recently an owncloud instance using your docker.
At this moment I noted only password for mysql user owncloud-production. I did not note the password for root.

After that I stopped and relaunch my owncloud. Upgrade the image (docker pull jchaney/owncloud) as well. Etc.

And now I find that I don't know the root password for mariadb.

make owncloud-mariadb-get-pw

does not show the correct information. Probably because each time when I launch
make owncloud-production
these passwords are generated randomly (shell pwgen --secure 40 1).

The procedure to recover root password for mysql/mariadb does not work as well, because in owncloud-mariadb container mysqld process have a PID 1, so I could not stop or kill it.

Even if it (owncloud docker) works well without knowing mariadb root password, it seems to me that it preferable to have this password to get access to the database in case of some troubles.

So is there some methods to recover root password in this situation?

I need set up the owncloud production environment but for some reason Nginx won't start...
here the output for my container:

with :ro into Makefile owncloud-production: owncloud-mariadb
nginx: [emerg] BIO_new_file("/owncloud/dhparam.pem")failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/owncloud/dhparam.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

without :ro into Makefile owncloud-production: owncloud-mariadb
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/ssl/certs/ssl-cert-snakeoil.pem") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

Someone know how fix it?
thanks in advance.

I'm not sure this a real issue. May be it's some problem with installation.
But actually Comments and Tags features don't work.

The Tag feature is not available at all (there is no field to add tag).

The Comment field is available. But when I add comment it gives some error ("[object Object]"). And the comment is not stored (or not added).

Using docker logs owncloud-production
I could see some error associated with this event :

==> /var/log/nginx/error.log <==
2017/03/01 18:10:22 [error] 121#0: *432 upstream sent invalid status "0" while reading response header from upstream, client: ::xxxx, server: , request: "POST /remote.php/dav/comments/files/672055/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xxxx"

(I put some xxx in the addresses, just because of little paranoia)

Although it's a some minor issue, just interesting why it happens. And is it easy to repair?

In the Makefile there is this line of code:

docker_owncloud_permanent_storage ?= /tmp/owncloud

I wasn't aware of this configuration till one day my local test installation just got completely corrupted and i first thought i have to blame docker itself because it just made an update in the same period of time.

Well, everybody should know that the "/tmp" folder is not meant to use for real data - whatever lands in /tmp is meant to be thrown away soon. The operating system is allowed to remove randomly data in /tmp whenever he wants, that's what /tmp is for...

So it is really negligent to make such a default configuration - in normal circumstances, no one want to ever store the real data of his owncloud in /tmp...

So i propose strongly to remove this and make any folder on the system the default, but not located in /tmp - you could prevent many future users from very bad surprises.

Due to a mismatch between the nginx configuration and the location of the ownCloud installation, it was possible to access user files without authentication when the filepath could be guessed. You can check this with https://owncloud.example.org/owncloud/data/owncloud.log. If this offers the log file for download, then you are vulnerable.

Fixed by commit: 7d270fe

Please update your instances!

Is somebody still using this image? As said before, I use DebOps and Nextcloud for new deployments. I don’t feel comfortable recommending this image. I don’t feel that this image is up to my personal standards anymore and I would recommend for people using it to either help out or search for a more up-to-date Docker image. If you find good/comparable once which are based on Debian, please mention them here.

Related to: #54

I'm really new to git, but i thought i's reach out. I was playing with the dockerfile and used it to deploy a container with for OwnCloud 8.2.0. I had some issues with the ACPu and gateway timing out when syncing/webdav. I added these lines;

sed -i 's_listen = /var/run/php5-fpm.sock_listen = 127.0.0.1:9000_' /etc/php5/fpm/pool.d/www.conf
sed -i 's_server unix:/var/run/php5-fpm.sock_ server 127.0.0.1:9000_' /etc/nginx/nginx.conf
sed -i 's!pm.max_children = 50!pm.max_children = 100!' /etc/php5/fpm/pool.d/www.conf
sed -i 's!;pm.max_requests = 500!pm.max_requests = 500!' /etc/php5/fpm/pool.d/www.conf
sed -i 's!pm.start_servers = 2!pm.start_servers = 20!' /etc/php5/fpm/pool.d/www.conf
sed -i 's!pm.min_spare_servers = 1!pm.min_spare_servers = 5!' /etc/php5/fpm/pool.d/www.conf
sed -i 's!pm.max_spare_servers = 3!pm.max_spare_servers = 30!' /etc/php5/fpm/pool.d/www.conf

https://discourse.mailinabox.email/t/consider-listening-on-port-instead-of-socket-for-php5-fpm/434/4
and
owncloud/core#14187

Just thought i'd pass it along in case you run across it.

Cheers

Arr0n

Docker run gives error on line 43 on nginx.conf

Hi and thanks for the great work!

My question is, if the docker image also works on arm based systems and if not what would need to change to do so?

Thanks and best regards
Jörg

I setup a docker-compose.yml file which works pretty well.

owncloud-db:
  container_name: owncloud-db
  image: ${image_mariadb}
  volumes:
    - ${docker_owncloud_permanent_storage}/db:/var/lib/mysql
  environment:
    - MYSQL_ROOT_PASSWORD=${docker_owncloud_mariadb_root_password}
    - MYSQL_USER=owncloud
    - MYSQL_DATABASE=owncloud
    - MYSQL_PASSWORD=${docker_owncloud_mariadb_user_password}

owncloud-server:
  container_name: owncloud-server
  # image: ${image_owncloud}
  build: owncloud
  links:
    - owncloud-db:mysql
  ports:
    - "${docker_owncloud_http_port}:80"
    - "${docker_owncloud_https_port}:443"
  volumes:
    - ${docker_owncloud_permanent_storage}/data:/var/www/owncloud/data
    - ${docker_owncloud_permanent_storage}/additional_apps:/var/www/owncloud/apps_persistent
    - ${docker_owncloud_permanent_storage}/config:/owncloud
    - ${docker_owncloud_ssl_cert}:/owncloud.cert:ro
    - ${docker_owncloud_ssl_key}:/owncloud.key:ro
  environment:
    - OWNCLOUD_IN_ROOTPATH=${docker_owncloud_in_root_path}
    - OWNCLOUD_SERVERNAME=${docker_owncloud_servername}
    - SSL_CERT="/owncloud.cert"
    - SSL_KEY="/owncloud.key"

I use these variables :

export docker_owncloud_http_port="80"
export docker_owncloud_https_port="443"
export docker_owncloud_in_root_path="1"
export docker_owncloud_permanent_storage="/home/hadim/owncloud_data"
export docker_owncloud_ssl_cert="./certs/cloud.cert"
export docker_owncloud_ssl_key="./certs/cloud.key"
export docker_owncloud_servername="arwen.hadim.fr"

export docker_owncloud_mariadb_root_password=$(pwgen --secure 40 1)
export docker_owncloud_mariadb_user_password=$(pwgen --secure 40 1)

export image_owncloud="jchaney/owncloud"
export image_mariadb="mysql"  # mariadb raises weird errors I don't understand...

And I also needed to slighty modify your repo :

diff --git a/configs/owncloud_config.php b/configs/owncloud_config.php
index c0a18b2..6d33202 100644
--- a/configs/owncloud_config.php
+++ b/configs/owncloud_config.php
@@ -19,4 +19,11 @@ $CONFIG = array (
             'writable' => true,
         ),
     ),
+
+    "dbtype"        => "mysql",
+    "dbname"        => "conf_dbname",
+    "dbuser"        => "conf_dbuser",
+    "dbpassword"    => "conf_dbpassword",
+    "dbhost"        => "conf_dbhost",
+    "dbtableprefix" => "oc_",
 );
diff --git a/misc/bootstrap.sh b/misc/bootstrap.sh
index e8a8f33..f79dceb 100755
--- a/misc/bootstrap.sh
+++ b/misc/bootstrap.sh
@@ -7,6 +7,25 @@ touch /var/log/cron/owncloud.log
 test -e /owncloud/config.php || cp /root/owncloud_config.php /owncloud/config.php
 test -e /owncloud/3party_apps.conf || cp /root/3party_apps.conf /owncloud/

+# Check wether a mysql database is linked
+if [ -z "$MYSQL_PORT_3306_TCP_ADDR" ]
+then
+    # Erase database configuration of owncloud if no database are linked
+    sed -i 's/dbtype/d' /owncloud/config.php
+    sed -i 's/dbname/d' /owncloud/config.php
+    sed -i 's/dbuser/d' /owncloud/config.php
+    sed -i 's/dbpassword/d' /owncloud/config.php
+    sed -i 's/dbhost/d' /owncloud/config.php
+    sed -i 's/dbtableprefix/d' /owncloud/config.php
+else
+    # Set the configuration to the linked mysql database
+    sed -i "s/conf_dbname/$MYSQL_ENV_MYSQL_DATABASE/g" /owncloud/config.php
+    sed -i "s/conf_dbuser/$MYSQL_ENV_MYSQL_USER/g" /owncloud/config.php
+    sed -i "s/conf_dbpassword/$MYSQL_ENV_MYSQL_PASSWORD/g" /owncloud/config.php
+    sed -i "s/conf_dbhost/$MYSQL_PORT_3306_TCP_ADDR:$MYSQL_PORT_3306_TCP_PORT/g" /owncloud/config.p
+
+fi
+
 if [ -z "$SSL_CERT" ]
 then
     echo "Copying nginx.conf without SSL support …"

Unfortunately automatic database configuration does not work and I still need to execute the following command to get the credentials and then manually enter them in the owncloud wizard:

$ docker exec -ti owncloud-server cat /owncloud/config.php
<?php
$CONFIG = array (
  'installed' => false,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/owncloud/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/owncloud/apps_persistent',
      'url' => '/apps_persistent',
      'writable' => true,
    ),
  ),
  'dbtype' => 'mysql',
  'dbname' => 'owncloud',
  'dbuser' => 'owncloud',
  'dbpassword' => '78ryLjuqkG8Rx7kyNhAVNmVfo22Cqh8wPoQSrsBK',
  'dbhost' => '172.17.0.2:3306',
  'dbtableprefix' => 'oc_',
  'instanceid' => 'ocb8cq8uf1f7',
);

Thansk anyway for your work on this image !

can someone push owncloud 9 to this image?

It seems that Docker Hub currently only builds automated builds when the repository pushes a new commit and not additionally when the base images changes. This resulted in this image being vulnerable (example: dsa-3481) too long (until the maintainer pushes the next commit). This is unacceptable. Am I missing something and can Docker Hub be configured to rebuild on base image change? If not I intent to install a cron job which triggers a rebuild daily.

Seems I am not the first one with this problem: How to automatically update your docker containers, if base-images are updated. I guess the cron job rebuild trigger is a good idea.

At first thank you very much for your job.

Nevertheless :-) I have some problem to get it work. Probably I did something wrong, but I could not found what.

1. I successfully built docker image using "make build"
2. then I started owncloud-production (make owncloud-production)
3. the both containers (mariadb and owncloud-production started successfully)
   $ docker ps
   1c0b09191e8c jchaney/owncloud "bootstrap.sh" About an hour ago Up About an hour 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp owncloud-production
   584bd684e7da mariadb "docker-entrypoint.sh" About an hour ago Up About an hour 3306/tcp owncloud-mariadb

And I could connect to owncloud web-interface
4) I got mariadb password using : make owncloud-mariadb-get-pw

5. but when I try to use it to configure database for owncloud (using web-interface), I got the problem with database

Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [1045] Access denied for user 'owncloud-production'@'172.17.0.5' (using password: YES)

6. As additional steps.
   make owncloud-mariadb-cli - does not work neither;

If I try to go to mariadb container and try to connect to database locally, it does not work.

$ docker exec -it owncloud-mariadb /bin/bash
root@584bd684e7da:/# mysql -h localhost -uowncloud-production -p
Enter password:
ERROR 1045 (28000): Access denied for user 'owncloud-production'@'localhost' (using password: YES)

So... could you give a clue where to search the solution?
May be there is something that I don't understand about pwgen and how to get mariadb password?

Thank you very much in advance.

Thanks,
Paul Zakharov

Hey Josh,

first of all, awesome owncloud docker image! Just one thing that would make the image perfect: cron support. This would speed up site access significantly.

http://doc.owncloud.org/server/7.0/admin_manual/configuration/background_jobs.html#cron

To have proper cron support, I would also recommend using a dockerized ubuntu base image:
https://registry.hub.docker.com/u/phusion/baseimage/

I could implement and test such a change, would you accept pull requests?

Best regards,

Olaf

This is actually a follow up of #55

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- core
    - INVALID_HASH
        - .user.ini
    - EXTRA_FILE
        - .user.inie

Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [.user.ini] => Array
                        (
                            [expected] => 0a557e3cdca4c2e3675deed761d79d109011dcdebbd9c7f6429f1d3476938ec95729543d7384651d1d0c48e26c5024cc5f517445920915a704ea748bdb903c5f
                            [current] => a923312c4f59ed57284843fdeae44658856634488513cf7d01d2e3f49c6dc6ab5ded5bc4649dde5186505f864ae86941e2a65e9d8a5965329921802b18322d3c
                        )

                )

            [EXTRA_FILE] => Array
                (
                    [.user.inie] => Array
                        (
                            [expected] => 
                            [current] => 6bdf1cf3bf08df0e82bdfca564a7d1e986f632a41417bcf63745be84c57721abaa03d0fb53ad236b910b0e99e602e5312d45ce3819feb470e98927bb4b1854f3
                        )

                )

        )

)

See ypid@fd5a100