jchaney / owncloud Goto Github PK
View Code? Open in Web Editor NEWdocker image
License: GNU Affero General Public License v3.0
docker image
License: GNU Affero General Public License v3.0
Hi,
First, thank for this good docker image. It is very useful!
I get a warning in my admin panel and in /var/log/cron/owncloud.log :
PHP is configured to populate raw post data. Since PHP 5.6 this will lead to PHP throwing notices for perfectly valid code.
To fix this issue set <code>always_populate_raw_post_data</code> to <code>-1</code> in your php.ini
If I do what it is asked, the warning disappear. Could you fix that in the image ?
Thanks in advance.
For security reason if changed the https port of my OwnCloud instance. After then the Android app DavDroid and the Linux OwnCloud client have some connection issues.
After i changed the port in Makefile line 82 from --publish $(docker_owncloud_https_port):443 \
to --publish $(docker_owncloud_https_port):12345 \
and in configs/nginx_ssl.conf line 62 from listen [::]:443 ssl spdy default_server ipv6only=off;
to listen [::]:12345 ssl spdy default_server ipv6only=off;
DavDroid and the OwnCloud client finally work.
I did not create a pull request because i have no idea how to manipulate nginx_ssl.conf on the fly. (And sorry for my bad english ;) )
Seems the NextCloud fork is doing great and will probably replace ownCloud in the near future. However, I as the maintainer of this image will stay with ownCloud for this image. However, I recommend that you check out NextCloud when you do a new deployment. If someone wants to support NextCloud using this Docker image as a base source, please go for it! I would recommend to create a fork of this repository and then maintain it there separately.
For now, I am continuing to maintain this image but when I am setting up new ownCloud/NextCloud instances I use DebOps (see under Related projects).
Related to: debops/ansible-owncloud#45
See #10 (comment)
To avoid the case where a user with admin permissions in ownCloud updates the container and on next redeployment of the container the instance might be downgraded. The official docker image for ownCloud solves this problem by making the ownCloud setup president. This will not be done for this image.
Example warning: 'Downgrading is not supported and is likely to cause unpredictable issues (from 8.2.1.4 to 8.1.4.2)'
Hi,
I'm trying to use your docker by pulling it directly from github, but after a make owncloud-production
, the docker seems to start, then disappears from docker ps
.
Did I miss something ?
Thanks !
Debian is the recommended base image for Docker. See https://docs.docker.com/articles/dockerfile_best-practices/#from
Any thoughts?
@jchaney @silvio
I would like to put this project under a FOSS license specifically AGPLv3
http://www.gnu.org/licenses/agpl-3.0.de.html
What do you think?
???make the choice about that configurable???
I love what you've done here, and would like to use the image, but I don't see any easy way to store the data outside of the container or anything designating a volume inside the container which would cause the data to persist; this seems to mean that you can't ever upgrade the container.
Am I missing something?
Users should not need to wait until I have tested a new ownCloud release. I would like to use https://docs.docker.com/docker-hub/builds/#create-an-automated-build and at least support a few stable releases. @jchaney Can you set that up?
I was curious how ssllabs would rate my brand new owncloud server. So I
tested it and initially got a B rating. The best improvement was to add a stronger (4096 bit) prime for diffie-hellman keyexchange.
So after a couple of small changes, i got it running and have a A+ rating now.
You can see what i did here, 3 lines basically.
It takes a while to build the image now, since I am generating the prime (which takes forever) in the Dockerfile.
So it is probably better to add a precalculated prime like rfc3526.
This might be something to discuss.
Hi, I'm new using CoreOs and don't know how user make...
*Some idea? *
Thanks in advance,
Since docker is phasing out --link in favor of docker network, is there an environmental variable for telling the owncloud container the address of my existing mysql container? For example, the official wordpress container has a WORDPRESS_DB_HOST variable.
Is it possible to recover MariaDB root password?
I launch recently an owncloud instance using your docker.
At this moment I noted only password for mysql user owncloud-production. I did not note the password for root.
After that I stopped and relaunch my owncloud. Upgrade the image (docker pull jchaney/owncloud) as well. Etc.
And now I find that I don't know the root password for mariadb.
make owncloud-mariadb-get-pw
does not show the correct information. Probably because each time when I launch
make owncloud-production
these passwords are generated randomly (shell pwgen --secure 40 1).
The procedure to recover root password for mysql/mariadb does not work as well, because in owncloud-mariadb container mysqld process have a PID 1, so I could not stop or kill it.
Even if it (owncloud docker) works well without knowing mariadb root password, it seems to me that it preferable to have this password to get access to the database in case of some troubles.
So is there some methods to recover root password in this situation?
I need set up the owncloud production environment but for some reason Nginx won't start...
here the output for my container:
with :ro into Makefile owncloud-production: owncloud-mariadb
nginx: [emerg] BIO_new_file("/owncloud/dhparam.pem")failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/owncloud/dhparam.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
without :ro into Makefile owncloud-production: owncloud-mariadb
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/ssl/certs/ssl-cert-snakeoil.pem") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
Someone know how fix it?
thanks in advance.
I'm not sure this a real issue. May be it's some problem with installation.
But actually Comments and Tags features don't work.
The Tag feature is not available at all (there is no field to add tag).
The Comment field is available. But when I add comment it gives some error ("[object Object]"). And the comment is not stored (or not added).
Using docker logs owncloud-production
I could see some error associated with this event :
==> /var/log/nginx/error.log <==
2017/03/01 18:10:22 [error] 121#0: *432 upstream sent invalid status "0" while reading response header from upstream, client: ::xxxx, server: , request: "POST /remote.php/dav/comments/files/672055/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "xxxx"
(I put some xxx in the addresses, just because of little paranoia)
Although it's a some minor issue, just interesting why it happens. And is it easy to repair?
In the Makefile there is this line of code:
docker_owncloud_permanent_storage ?= /tmp/owncloud
I wasn't aware of this configuration till one day my local test installation just got completely corrupted and i first thought i have to blame docker itself because it just made an update in the same period of time.
Well, everybody should know that the "/tmp" folder is not meant to use for real data - whatever lands in /tmp is meant to be thrown away soon. The operating system is allowed to remove randomly data in /tmp whenever he wants, that's what /tmp is for...
So it is really negligent to make such a default configuration - in normal circumstances, no one want to ever store the real data of his owncloud in /tmp...
So i propose strongly to remove this and make any folder on the system the default, but not located in /tmp - you could prevent many future users from very bad surprises.
Due to a mismatch between the nginx configuration and the location of the ownCloud installation, it was possible to access user files without authentication when the filepath could be guessed. You can check this with https://owncloud.example.org/owncloud/data/owncloud.log. If this offers the log file for download, then you are vulnerable.
Fixed by commit: 7d270fe
Please update your instances!
Is somebody still using this image? As said before, I use DebOps and Nextcloud for new deployments. I don’t feel comfortable recommending this image. I don’t feel that this image is up to my personal standards anymore and I would recommend for people using it to either help out or search for a more up-to-date Docker image. If you find good/comparable once which are based on Debian, please mention them here.
Related to: #54
I'm really new to git, but i thought i's reach out. I was playing with the dockerfile and used it to deploy a container with for OwnCloud 8.2.0. I had some issues with the ACPu and gateway timing out when syncing/webdav. I added these lines;
sed -i 's_listen = /var/run/php5-fpm.sock_listen = 127.0.0.1:9000_' /etc/php5/fpm/pool.d/www.conf
sed -i 's_server unix:/var/run/php5-fpm.sock_ server 127.0.0.1:9000_' /etc/nginx/nginx.conf
sed -i 's!pm.max_children = 50!pm.max_children = 100!' /etc/php5/fpm/pool.d/www.conf
sed -i 's!;pm.max_requests = 500!pm.max_requests = 500!' /etc/php5/fpm/pool.d/www.conf
sed -i 's!pm.start_servers = 2!pm.start_servers = 20!' /etc/php5/fpm/pool.d/www.conf
sed -i 's!pm.min_spare_servers = 1!pm.min_spare_servers = 5!' /etc/php5/fpm/pool.d/www.conf
sed -i 's!pm.max_spare_servers = 3!pm.max_spare_servers = 30!' /etc/php5/fpm/pool.d/www.conf
https://discourse.mailinabox.email/t/consider-listening-on-port-instead-of-socket-for-php5-fpm/434/4
and
owncloud/core#14187
Just thought i'd pass it along in case you run across it.
Cheers
Arr0n
Docker run gives error on line 43 on nginx.conf
Hi and thanks for the great work!
My question is, if the docker image also works on arm based systems and if not what would need to change to do so?
Thanks and best regards
Jörg
I setup a docker-compose.yml file which works pretty well.
owncloud-db:
container_name: owncloud-db
image: ${image_mariadb}
volumes:
- ${docker_owncloud_permanent_storage}/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${docker_owncloud_mariadb_root_password}
- MYSQL_USER=owncloud
- MYSQL_DATABASE=owncloud
- MYSQL_PASSWORD=${docker_owncloud_mariadb_user_password}
owncloud-server:
container_name: owncloud-server
# image: ${image_owncloud}
build: owncloud
links:
- owncloud-db:mysql
ports:
- "${docker_owncloud_http_port}:80"
- "${docker_owncloud_https_port}:443"
volumes:
- ${docker_owncloud_permanent_storage}/data:/var/www/owncloud/data
- ${docker_owncloud_permanent_storage}/additional_apps:/var/www/owncloud/apps_persistent
- ${docker_owncloud_permanent_storage}/config:/owncloud
- ${docker_owncloud_ssl_cert}:/owncloud.cert:ro
- ${docker_owncloud_ssl_key}:/owncloud.key:ro
environment:
- OWNCLOUD_IN_ROOTPATH=${docker_owncloud_in_root_path}
- OWNCLOUD_SERVERNAME=${docker_owncloud_servername}
- SSL_CERT="/owncloud.cert"
- SSL_KEY="/owncloud.key"
I use these variables :
export docker_owncloud_http_port="80"
export docker_owncloud_https_port="443"
export docker_owncloud_in_root_path="1"
export docker_owncloud_permanent_storage="/home/hadim/owncloud_data"
export docker_owncloud_ssl_cert="./certs/cloud.cert"
export docker_owncloud_ssl_key="./certs/cloud.key"
export docker_owncloud_servername="arwen.hadim.fr"
export docker_owncloud_mariadb_root_password=$(pwgen --secure 40 1)
export docker_owncloud_mariadb_user_password=$(pwgen --secure 40 1)
export image_owncloud="jchaney/owncloud"
export image_mariadb="mysql" # mariadb raises weird errors I don't understand...
And I also needed to slighty modify your repo :
diff --git a/configs/owncloud_config.php b/configs/owncloud_config.php
index c0a18b2..6d33202 100644
--- a/configs/owncloud_config.php
+++ b/configs/owncloud_config.php
@@ -19,4 +19,11 @@ $CONFIG = array (
'writable' => true,
),
),
+
+ "dbtype" => "mysql",
+ "dbname" => "conf_dbname",
+ "dbuser" => "conf_dbuser",
+ "dbpassword" => "conf_dbpassword",
+ "dbhost" => "conf_dbhost",
+ "dbtableprefix" => "oc_",
);
diff --git a/misc/bootstrap.sh b/misc/bootstrap.sh
index e8a8f33..f79dceb 100755
--- a/misc/bootstrap.sh
+++ b/misc/bootstrap.sh
@@ -7,6 +7,25 @@ touch /var/log/cron/owncloud.log
test -e /owncloud/config.php || cp /root/owncloud_config.php /owncloud/config.php
test -e /owncloud/3party_apps.conf || cp /root/3party_apps.conf /owncloud/
+# Check wether a mysql database is linked
+if [ -z "$MYSQL_PORT_3306_TCP_ADDR" ]
+then
+ # Erase database configuration of owncloud if no database are linked
+ sed -i 's/dbtype/d' /owncloud/config.php
+ sed -i 's/dbname/d' /owncloud/config.php
+ sed -i 's/dbuser/d' /owncloud/config.php
+ sed -i 's/dbpassword/d' /owncloud/config.php
+ sed -i 's/dbhost/d' /owncloud/config.php
+ sed -i 's/dbtableprefix/d' /owncloud/config.php
+else
+ # Set the configuration to the linked mysql database
+ sed -i "s/conf_dbname/$MYSQL_ENV_MYSQL_DATABASE/g" /owncloud/config.php
+ sed -i "s/conf_dbuser/$MYSQL_ENV_MYSQL_USER/g" /owncloud/config.php
+ sed -i "s/conf_dbpassword/$MYSQL_ENV_MYSQL_PASSWORD/g" /owncloud/config.php
+ sed -i "s/conf_dbhost/$MYSQL_PORT_3306_TCP_ADDR:$MYSQL_PORT_3306_TCP_PORT/g" /owncloud/config.p
+
+fi
+
if [ -z "$SSL_CERT" ]
then
echo "Copying nginx.conf without SSL support …"
Unfortunately automatic database configuration does not work and I still need to execute the following command to get the credentials and then manually enter them in the owncloud wizard:
$ docker exec -ti owncloud-server cat /owncloud/config.php
<?php
$CONFIG = array (
'installed' => false,
'memcache.local' => '\\OC\\Memcache\\APCu',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/owncloud/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/owncloud/apps_persistent',
'url' => '/apps_persistent',
'writable' => true,
),
),
'dbtype' => 'mysql',
'dbname' => 'owncloud',
'dbuser' => 'owncloud',
'dbpassword' => '78ryLjuqkG8Rx7kyNhAVNmVfo22Cqh8wPoQSrsBK',
'dbhost' => '172.17.0.2:3306',
'dbtableprefix' => 'oc_',
'instanceid' => 'ocb8cq8uf1f7',
);
Thansk anyway for your work on this image !
can someone push owncloud 9 to this image?
It seems that Docker Hub currently only builds automated builds when the repository pushes a new commit and not additionally when the base images changes. This resulted in this image being vulnerable (example: dsa-3481) too long (until the maintainer pushes the next commit). This is unacceptable. Am I missing something and can Docker Hub be configured to rebuild on base image change? If not I intent to install a cron job which triggers a rebuild daily.
Seems I am not the first one with this problem: How to automatically update your docker containers, if base-images are updated. I guess the cron job rebuild trigger is a good idea.
At first thank you very much for your job.
Nevertheless :-) I have some problem to get it work. Probably I did something wrong, but I could not found what.
And I could connect to owncloud web-interface
4) I got mariadb password using : make owncloud-mariadb-get-pw
Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [1045] Access denied for user 'owncloud-production'@'172.17.0.5' (using password: YES)
If I try to go to mariadb container and try to connect to database locally, it does not work.
$ docker exec -it owncloud-mariadb /bin/bash
root@584bd684e7da:/# mysql -h localhost -uowncloud-production -p
Enter password:
ERROR 1045 (28000): Access denied for user 'owncloud-production'@'localhost' (using password: YES)
So... could you give a clue where to search the solution?
May be there is something that I don't understand about pwgen and how to get mariadb password?
Thank you very much in advance.
Thanks,
Paul Zakharov
Hey Josh,
first of all, awesome owncloud docker image! Just one thing that would make the image perfect: cron support. This would speed up site access significantly.
http://doc.owncloud.org/server/7.0/admin_manual/configuration/background_jobs.html#cron
To have proper cron support, I would also recommend using a dockerized ubuntu base image:
https://registry.hub.docker.com/u/phusion/baseimage/
I could implement and test such a change, would you accept pull requests?
Best regards,
Olaf
This is actually a follow up of #55
Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.
Results
=======
- core
- INVALID_HASH
- .user.ini
- EXTRA_FILE
- .user.inie
Raw output
==========
Array
(
[core] => Array
(
[INVALID_HASH] => Array
(
[.user.ini] => Array
(
[expected] => 0a557e3cdca4c2e3675deed761d79d109011dcdebbd9c7f6429f1d3476938ec95729543d7384651d1d0c48e26c5024cc5f517445920915a704ea748bdb903c5f
[current] => a923312c4f59ed57284843fdeae44658856634488513cf7d01d2e3f49c6dc6ab5ded5bc4649dde5186505f864ae86941e2a65e9d8a5965329921802b18322d3c
)
)
[EXTRA_FILE] => Array
(
[.user.inie] => Array
(
[expected] =>
[current] => 6bdf1cf3bf08df0e82bdfca564a7d1e986f632a41417bcf63745be84c57721abaa03d0fb53ad236b910b0e99e602e5312d45ce3819feb470e98927bb4b1854f3
)
)
)
)
See ypid@fd5a100
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.