chaos/docker-images
2
1
Fork 0
Code Issues 1 Pull Requests Projects Releases 1 Wiki Activity

refactored, noone needs the web folder

Browse Source
This commit is contained in:
Udo Waechter
2021-05-28 19:45:35 +02:00
parent 5e07cdc688
commit 6201447116
27 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
apps/nextcloud/Dockerfile Normal file
View File

@@ -0,0 +1,24 @@
FROM nextcloud:stable-apache
#needed for some reason
ENV NEXTCLOUD_UPDATE=1
RUN sed -i 's@deb.debian.org@apt-cache.lan/deb.debian.org@g' /etc/apt/sources.list && \
sed -i 's@security.debian.org@apt-cache.lan/security.debian.org@g' /etc/apt/sources.list && \
apt-get update && apt-get install -y \
vim screen dnsutils procps nmap bash iputils-ping bash && \
apt-get clean -y && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/cache/apt/*
RUN touch /usr/src/nextcloud/data/.ocdata
COPY config.php /usr/src/nextcloud/config/
#COPY htaccess-data /usr/src/nextcloud/data/.htaccess
COPY apache-default-vhost.conf /etc/apache2/sites-available/000-default.conf
RUN mv /usr/src/nextcloud/.htaccess /usr/src/nextcloud/.htaccess.bak
RUN mv /usr/src/nextcloud/config/.htaccess /usr/src/nextcloud/config/.htaccess.bak
#install ca.crt update script to the container
COPY post-start.sh /
RUN chmod +x /post-start.sh

150
apps/nextcloud/apache-default-vhost.conf Normal file
View File

@@ -0,0 +1,150 @@
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Directory /var/www/html>
AllowOverride None
<IfModule mod_headers.c>
<IfModule mod_setenvif.c>
<IfModule mod_fcgid.c>
SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
</IfModule>
<IfModule mod_proxy_fcgi.c>
SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
</IfModule>
<IfModule mod_env.c>
# Add security and privacy related headers
# Avoid doubled headers by unsetting headers in "onsuccess" table,
# then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
Header onsuccess unset Referrer-Policy
Header always set Referrer-Policy "no-referrer"
Header onsuccess unset X-Content-Type-Options
Header always set X-Content-Type-Options "nosniff"
Header onsuccess unset X-Download-Options
Header always set X-Download-Options "noopen"
Header onsuccess unset X-Frame-Options
Header always set X-Frame-Options "SAMEORIGIN"
Header onsuccess unset X-Permitted-Cross-Domain-Policies
Header always set X-Permitted-Cross-Domain-Policies "none"
Header onsuccess unset X-Robots-Tag
Header always set X-Robots-Tag "none"
Header onsuccess unset X-XSS-Protection
Header always set X-XSS-Protection "1; mode=block"
SetEnv modHeadersAvailable true
</IfModule>
# Add cache control for static resources
<FilesMatch "\.(css|js|svg|gif)$">
Header set Cache-Control "max-age=15778463"
</FilesMatch>
# Let browsers cache WOFF files for a week
<FilesMatch "\.woff2?$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
</IfModule>
<IfModule mod_php7.c>
php_value mbstring.func_overload 0
php_value default_charset 'UTF-8'
php_value output_buffering 0
<IfModule mod_env.c>
SetEnv htaccessWorking true
</IfModule>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} DavClnt
RewriteRule ^$ /remote.php/webdav/ [L,R=302]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
RewriteRule ^\.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L]
RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.*) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
ModPagespeed Off
</IfModule>
</Directory>
<Directory /var/www/html/config>
AllowOverride None
# Section for Apache 2.4 to 2.6
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
Satisfy All
</IfModule>
# Section for Apache 2.2
<IfModule !mod_authz_core.c>
<IfModule !mod_access_compat.c>
<IfModule mod_authz_host.c>
Order Allow,Deny
Deny from all
</IfModule>
Satisfy All
</IfModule>
</IfModule>
# Section for Apache 2.2 to 2.6
<IfModule mod_autoindex.c>
IndexIgnore *
</IfModule>
</Directory>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

59
apps/nextcloud/config.php Normal file
View File

@@ -0,0 +1,59 @@
<?php
//
//Manually deployed by yourself
//
$CONFIG = array (
'htaccess.RewriteBase' => '/',
'memcache.local' => '\\OC\\Memcache\\APCu',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'objectstore' =>
array (
'class' => '\\OC\\Files\\ObjectStore\\S3',
'arguments' =>
array (
'bucket' => 'nextcloud',
'key' => 'nextcloud',
'secret' => 'tWnc3zdxcDUvcX5f9uY7RRYvKLcWI1KY',
'region' => '',
'hostname' => 'minio.live-infra.svc.cluster.local',
'port' => '443',
'objectPrefix' => 'urn:oid:',
'autocreate' => false,
'use_ssl' => true,
'use_path_style' => true,
'legacy_auth' => false,
),
),
'instanceid' => 'ocsxqijfvpf7',
'passwordsalt' => 'OTjmXJP0VKlw+OLja6wUxbHlZk4Txw',
'secret' => '0g94SdF7A2k/LHTKUM+8HwEDFgF1zz7I/sMauap02/d8G677',
'trusted_domains' =>
array (
0 => 'nc.lan',
),
'datadirectory' => '/var/www/html/data',
'dbtype' => 'pgsql',
'version' => '20.0.9.1',
'overwrite.cli.url' => 'http://nc.lan',
'dbname' => 'nextcloud',
'dbhost' => 'postgres.live-env.svc.cluster.local:5432',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloud',
'dbpassword' => 'Vb7yHzmE5HIjfU4hf89aXAmEEmxAnMdB',
'installed' => true,
);

113
apps/nextcloud/deployment.yaml Normal file
View File

@@ -0,0 +1,113 @@
#we use postgresql:
#create database nextcloud;
#create user nextcloud with encrypted password 'secret';
#grant all privileges on database nextcloud to nextcloud;
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud
labels:
app: nextcloud
release: latest
spec:
replicas: 1
selector:
matchLabels:
app: nextcloud
release: latest
template:
metadata:
labels:
app: nextcloud
release: latest
spec:
containers:
- name: nextcloud
image: cr.lan/nextcloud:latest
#image: docker.io/nextcloud:stable-apache
lifecycle:
postStart:
exec:
command:
- /post-start.sh
env:
- name: TZ
value: "Europe/Berlin"
- name: POSTGRES_HOST
value: postgres.live-env.svc.cluster.local:5432
- name: POSTGRES_DB
value: nextcloud
- name: POSTGRES_USER
value: nextcloud
- name: POSTGRES_PASSWORD
value: Vb7yHzmE5HIjfU4hf89aXAmEEmxAnMdB
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: nc nc.lan 172.23.255.1
- name: OBJECTSTORE_S3_HOST
value: minio.live-infra.svc.cluster.local
- name: OBJECTSTORE_S3_BUCKET
value: nextcloud
- name: OBJECTSTORE_S3_KEY
value: nextcloud
- name: OBJECTSTORE_S3_SECRET
value: tWnc3zdxcDUvcX5f9uY7RRYvKLcWI1KY
- name: OBJECTSTORE_S3_PORT
value: "443"
- name: OBJECTSTORE_S3_USEPATH_STYLE
value: "true"
- name: OBJECTSTORE_S3_SSL
value: "true"
ports:
- name: http
containerPort: 80
protocol: TCP
# startupProbe:
# httpGet:
# path: /
# port: http
# livenessProbe:
# httpGet:
# path: /
# port: http
# readinessProbe:
# httpGet:
# path: /
# port: http
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "768Mi"
cpu: "3000m"
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud
spec:
ports:
- name: http
port: 80
selector:
app: nextcloud
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nextcloud
annotations:
ingress.kubernetes.io/whitelist-x-forwarded-for: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 512m
spec:
rules:
- host: nc.lan
http:
paths:
- backend:
service:
name: nextcloud
port:
name: http
path: /
pathType: Prefix

20
apps/nextcloud/post-start.sh Executable file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
ln -s /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/
/usr/sbin/update-ca-certificates
# reinstall/activate apps
#DIS_APP=( accessibility admin_audit contactsinteraction dashboard files_external
# files_rightclick firstrunwizard logreader nextcloud_announcements
# serverinfo sharebymail survey_client systemtags ser_ldap weather_status )
#
#EN_APP=( activity cloud_federation_api comments dav encryption federatedfilesharing
# federation files files_pdfviewer files_sharing files_trashbin files_videoplayer
# lookup_server_connector notes notifications oauth2 password_policy photos
# privacy provisioning_api recommendations settings support text theming
# twofactor_backupcodes updatenotification user_status viewer workflowengine
# files_versions timetracker tasks deck files_3d )
#
#for APP in ${DIS_APP[@]}; do echo "+${APP}+"; done
#echo "ENABLED"
#
#for APP in ${EN_APP[@]}; do echo "+${APP}+"; done

77
apps/nextcloud/tekton-image-build.yaml Normal file
View File

@@ -0,0 +1,77 @@
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: chaos-kubernetes-git
spec:
type: git
params:
- name: revision
value: master
- name: url
value: http://git-ui.lan/chaos/kubernetes.git
- name: submodules
value: "false"
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: img-nextcloud
spec:
type: image
params:
- name: url
value: cr.lan/nextcloud
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: build-nextcloud
spec:
params:
- name: pathToDockerFile
type: string
default: $(resources.inputs.source.path)/apps/web/nextcloud/Dockerfile
- name: pathToContext
type: string
default: $(resources.inputs.source.path)/apps/web/nextcloud
resources:
inputs:
- name: source
type: git
outputs:
- name: builtImage
type: image
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor:arm64
command:
- /kaniko/executor
args:
- --dockerfile=$(params.pathToDockerFile)
- --destination=$(resources.outputs.builtImage.url)
- --context=$(params.pathToContext)
- --snapshotMode=redo
- --skip-tls-verify
---
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: img-nextcloud
spec:
#serviceAccountName: dockerhub-service
taskRef:
name: build-nextcloud
params:
- name: pathToDockerFile
value: Dockerfile
resources:
inputs:
- name: source
resourceRef:
name: chaos-kubernetes-git
outputs:
- name: builtImage
resourceRef:
name: img-nextcloud