diff options
| author | Boris Gorbylev <ekho@ekho.name> | 2020-03-31 17:23:57 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-03-31 14:23:57 +0000 |
| commit | efe3caebdcd0cf23553aedd8d0f56cea4a5053fa (patch) | |
| tree | 99b1bdc09982bbd736942f9c7dd529e4371e1a6e | |
| parent | cf3476d71b65222f9a1959c4a30589957c0a1fd7 (diff) | |
Compatibility with docker secrets (#560)
* Read passwords from files specified with *_PASSWORD_FILE variables (docker secrets)
Fixes #731
Signed-off-by: Boris Gorbylev <ekho@ekho.name>
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
* Add NEXTCLOUD_ADMIN_USER, POSTGRES_DB, POSTGRES_USER
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
* Fix Variables
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
Co-authored-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
| -rwxr-xr-x | 16.0/apache/entrypoint.sh | 34 | ||||
| -rwxr-xr-x | 16.0/fpm-alpine/entrypoint.sh | 34 | ||||
| -rwxr-xr-x | 16.0/fpm/entrypoint.sh | 34 | ||||
| -rwxr-xr-x | 17.0/apache/entrypoint.sh | 34 | ||||
| -rwxr-xr-x | 17.0/fpm-alpine/entrypoint.sh | 34 | ||||
| -rwxr-xr-x | 17.0/fpm/entrypoint.sh | 34 | ||||
| -rwxr-xr-x | 18.0/apache/entrypoint.sh | 34 | ||||
| -rwxr-xr-x | 18.0/fpm-alpine/entrypoint.sh | 34 | ||||
| -rwxr-xr-x | 18.0/fpm/entrypoint.sh | 34 | ||||
| -rw-r--r-- | README.md | 62 | ||||
| -rwxr-xr-x | docker-entrypoint.sh | 34 |
11 files changed, 402 insertions, 0 deletions
diff --git a/16.0/apache/entrypoint.sh b/16.0/apache/entrypoint.sh index fb2fe686..2510743e 100755 --- a/16.0/apache/entrypoint.sh +++ b/16.0/apache/entrypoint.sh @@ -19,6 +19,30 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/16.0/fpm-alpine/entrypoint.sh b/16.0/fpm-alpine/entrypoint.sh index fb2fe686..2510743e 100755 --- a/16.0/fpm-alpine/entrypoint.sh +++ b/16.0/fpm-alpine/entrypoint.sh @@ -19,6 +19,30 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/16.0/fpm/entrypoint.sh b/16.0/fpm/entrypoint.sh index fb2fe686..2510743e 100755 --- a/16.0/fpm/entrypoint.sh +++ b/16.0/fpm/entrypoint.sh @@ -19,6 +19,30 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/17.0/apache/entrypoint.sh b/17.0/apache/entrypoint.sh index fb2fe686..2510743e 100755 --- a/17.0/apache/entrypoint.sh +++ b/17.0/apache/entrypoint.sh @@ -19,6 +19,30 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/17.0/fpm-alpine/entrypoint.sh b/17.0/fpm-alpine/entrypoint.sh index fb2fe686..2510743e 100755 --- a/17.0/fpm-alpine/entrypoint.sh +++ b/17.0/fpm-alpine/entrypoint.sh @@ -19,6 +19,30 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/17.0/fpm/entrypoint.sh b/17.0/fpm/entrypoint.sh index fb2fe686..2510743e 100755 --- a/17.0/fpm/entrypoint.sh +++ b/17.0/fpm/entrypoint.sh @@ -19,6 +19,30 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/18.0/apache/entrypoint.sh b/18.0/apache/entrypoint.sh index fb2fe686..2510743e 100755 --- a/18.0/apache/entrypoint.sh +++ b/18.0/apache/entrypoint.sh @@ -19,6 +19,30 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/18.0/fpm-alpine/entrypoint.sh b/18.0/fpm-alpine/entrypoint.sh index fb2fe686..2510743e 100755 --- a/18.0/fpm-alpine/entrypoint.sh +++ b/18.0/fpm-alpine/entrypoint.sh @@ -19,6 +19,30 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" diff --git a/18.0/fpm/entrypoint.sh b/18.0/fpm/entrypoint.sh index fb2fe686..2510743e 100755 --- a/18.0/fpm/entrypoint.sh +++ b/18.0/fpm/entrypoint.sh @@ -19,6 +19,30 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" @@ -252,6 +252,68 @@ services: Then run `docker-compose up -d`, now you can access Nextcloud at http://localhost:8080/ from your host system. +# Docker Secrets +As an alternative to passing sensitive information via environment variables, _FILE may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in /run/secrets/<secret_name> files. For example: +```yaml +version: '3.2' + +services: + db: + image: postgres + restart: always + volumes: + - db:/var/lib/postgresql/data + environment: + - POSTGRES_DB_FILE=/run/secrets/postgres_db + - POSTGRES_USER_FILE=/run/secrets/postgres_user + - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password + secrets: + - postgres_db + - postgres_password + - postgres_user + + app: + image: nextcloud + restart: always + ports: + - 8080:80 + volumes: + - nextcloud:/var/www/html + environment: + - POSTGRES_HOST=db + - POSTGRES_DB_FILE=/run/secrets/postgres_db + - POSTGRES_USER_FILE=/run/secrets/postgres_user + - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password + - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password + - NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/nextcloud_admin_user + depends_on: + - db + secrets: + - nextcloud_admin_password + - nextcloud_admin_user + - postgres_db + - postgres_password + - postgres_user + +volumes: + db: + nextcloud: + +secrets: + nextcloud_admin_password: + file: ./nextcloud_admin_password.txt # put admin password to this file + nextcloud_admin_user: + file: ./nextcloud_admin_user.txt # put admin username to this file + postgres_db: + file: ./postgres_db.txt # put postgresql db name to this file + postgres_password: + file: ./postgres_password.txt # put postgresql password to this file + postgres_user: + file: ./postgres_user.txt # put postgresql username to this file +``` + +Currently, this is only supported for `NEXTCLOUD_ADMIN_PASSWORD`, `NEXTCLOUD_ADMIN_USER`, `MYSQL_DB`, `MYSQL_PASSWORD`, `MYSQL_USER`, `POSTGRES_DB`, `POSTGRES_PASSWORD`, `POSTGRES_USER`. + # Make your Nextcloud available from the internet Until here, your Nextcloud is just available from you docker host. If you want your Nextcloud available from the internet adding SSL encryption is mandatory. diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index fb2fe686..2510743e 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -19,6 +19,30 @@ run_as() { fi } +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//") + local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//") + if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + if [ -n "${varValue}" ]; then + export "$var"="${varValue}" + elif [ -n "${fileVarValue}" ]; then + export "$var"="$(cat "${fileVarValue}")" + elif [ -n "${def}" ]; then + export "$var"="$def" + fi + unset "$fileVar" +} + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then @@ -79,6 +103,9 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP if [ "$installed_version" = "0.0.0.0" ]; then echo "New nextcloud instance" + file_env NEXTCLOUD_ADMIN_PASSWORD + file_env NEXTCLOUD_ADMIN_USER + if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then # shellcheck disable=SC2016 install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"' @@ -91,6 +118,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"' fi + file_env MYSQL_DATABASE + file_env MYSQL_PASSWORD + file_env MYSQL_USER + file_env POSTGRES_DB + file_env POSTGRES_PASSWORD + file_env POSTGRES_USER + install=false if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" |