From a0bb996aaf84a0eca44544170985b899ca4696cf Mon Sep 17 00:00:00 2001
From: "sebastian.serfling"
Date: Mon, 31 Mar 2025 14:15:45 +0000
Subject: [PATCH] Dateien nach "/" hochladen
---
AUTHORS.md | 4 ++
crontab.sh | 1 +
docker-compose.yml | 88 +++++++++++++++++++++++++++
nextcloud.ini | 9 +++
nginx.conf | 144 +++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 246 insertions(+)
create mode 100644 AUTHORS.md
create mode 100644 crontab.sh
create mode 100644 docker-compose.yml
create mode 100644 nextcloud.ini
create mode 100644 nginx.conf
diff --git a/AUTHORS.md b/AUTHORS.md
new file mode 100644
index 0000000..686d12b
--- /dev/null
+++ b/AUTHORS.md
@@ -0,0 +1,4 @@
+# Authors
+
+* Ascensio System SIA:
+
diff --git a/crontab.sh b/crontab.sh
new file mode 100644
index 0000000..8e55957
--- /dev/null
+++ b/crontab.sh
@@ -0,0 +1 @@
+docker exec -u www-data app-server php /var/www/html/cron.php
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..a4a5152
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,88 @@
+version: '3'
+services:
+ app:
+ container_name: app-server
+ image: nextcloud:fpm
+ restart: always
+ environment:
+ - TZ=Europa/Berlin
+ expose:
+ - '80'
+ - '9000'
+ volumes:
+ - app_data:/var/www/html
+ - ./www-php.conf:/usr/local/etc/php-fpm.d/www.conf
+ - "/etc/localtime:/etc/localtime:ro"
+ networks:
+ - cloud
+
+ onlyoffice-document-server:
+ container_name: onlyoffice-document-server
+ image: onlyoffice/documentserver:latest
+ restart: always
+ environment:
+ - JWT_ENABLED=true
+ - JWT_SECRET=secret
+ - TZ=Europa/Berlin
+ expose:
+ - '80'
+ - '443'
+ volumes:
+ - document_data:/var/www/onlyoffice/Data
+ - document_log:/var/log/onlyoffice
+ - /root/docker-onlyoffice-nextcloud/fonts:/usr/share/fonts/truetype/custom
+ - "/etc/localtime:/etc/localtime:ro"
+ networks:
+ - cloud
+
+ nginx:
+ container_name: nginx-server
+ image: nginx
+ restart: always
+ environment:
+ - TZ=Europa/Berlin
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.conf
+ - app_data:/var/www/html
+ - "/etc/localtime:/etc/localtime:ro"
+ networks:
+ - cloud
+
+ db:
+ container_name: maria-db
+ restart: always
+ image: mariadb
+ ports:
+ - 3306:3306
+ environment:
+ TZ: Europa/Berlin
+ MYSQL_ROOT_PASSWORD: ktnpEixbKbZmtzNK52XQBAEajPdnSNF
+ MYSQL_DATABASE: nextcloud
+ MYSQL_USER: nextcloud
+ MYSQL_PASSWORD: ktnpEixbKbZmtzNK52XQBAEajPdnSNF
+ volumes:
+ - ./mariadb:/var/lib/mysql
+ - "/etc/localtime:/etc/localtime:ro"
+ networks:
+ - cloud
+
+volumes:
+ document_data:
+ document_log:
+ app_data:
+ mysql_data:
+
+
+networks:
+ cloud:
+ name: cloud
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 10.5.0.0/16
+ gateway: 10.5.0.1
+ driver_opts:
+ com.docker.network.driver.mtu: 1400
diff --git a/nextcloud.ini b/nextcloud.ini
new file mode 100644
index 0000000..5af5017
--- /dev/null
+++ b/nextcloud.ini
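Review bot: The compose file commits credentials in plaintext: `JWT_SECRET=secret` on the document server is a guessable placeholder, and the `db` service uses one literal for both `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD`, so the application account's password is also the root password and both now sit in repository history. Reference them from an untracked env file instead, e.g. `- JWT_SECRET=${ONLYOFFICE_JWT_SECRET:?unset}` and `MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?unset}`, and treat the committed value as exposed and rotate it. The `db` service also publishes `3306:3306` on the host although the app container shares the `cloud` network with it; dropping that `ports:` entry keeps MariaDB off the host's interfaces. Smaller points: `./www-php.conf` is mounted but is not among the files this commit creates, and the `mysql_data` volume is declared but unused because `db` bind-mounts `./mariadb`.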
@@ -0,0 +1,9 @@
+memory_limit=${PHP_MEMORY_LIMIT}
+upload_max_filesize=${PHP_UPLOAD_LIMIT}
+post_max_size=${PHP_UPLOAD_LIMIT}
+pm = dynamic
+pm.max_children = 25
+pm.start_servers = 10
+pm.min_spare_servers = 5
+pm.max_spare_servers = 20
+pm.max_requests = 500
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..f7eab12
--- /dev/null
+++ b/nginx.conf
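Review bot: This file mixes php.ini directives (`memory_limit`, `upload_max_filesize`, `post_max_size`) with php-fpm pool directives (`pm = dynamic`, `pm.max_children`, …), which are read by different configuration loaders, so whichever way it is loaded, half of it is likely ignored or rejected. Nothing in this commit mounts `nextcloud.ini` either: the compose file mounts `./www-php.conf` over `/usr/local/etc/php-fpm.d/www.conf`, so these limits may never take effect. I would keep the three PHP limits here, mount the file under `/usr/local/etc/php/conf.d/`, and move the `pm.*` lines into the pool file under its `[www]` section. Also worth a comment: `${PHP_UPLOAD_LIMIT}` is not set in the compose `environment`, so the effective upload limit comes from the image default and may be far below the `client_max_body_size 10G` allowed in nginx.conf.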
@@ -0,0 +1,144 @@
+user www-data;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+
+ upstream backend {
+ server app-server:9000;
+ }
+
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ map $http_host $this_host {
+ "" $host;
+ default $http_host;
+ }
+
+ map $http_x_forwarded_proto $the_scheme {
+ default $http_x_forwarded_proto;
+ "" $scheme;
+ }
+
+ map $http_x_forwarded_host $the_host {
+ default $http_x_forwarded_host;
+ "" $this_host;
+ }
+
+ server {
+ listen 80;
+ # The below allows for being behind a reverse proxy and allowing the Nextcloud app to connect
+ server_tokens off;
+
+ # Add headers to serve security related headers
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+
+ root /var/www/html;
+ client_max_body_size 10G; # 0=unlimited - set max upload size
+ fastcgi_buffers 64 4K;
+
+ gzip off;
+
+ index index.php;
+ error_page 403 /core/templates/403.php;
+ error_page 404 /core/templates/404.php;
+
+ rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
+ rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
+ deny all;
+ }
+
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+ deny all;
+ }
+
+ location / {
+ rewrite ^/remote/(.*)
/remote.php last;
+ rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+ try_files $uri $uri/ =404;
+ }
+
+ location ~* ^/ds-vpath/ {
+ rewrite /ds-vpath/(.*) /$1 break;
+ proxy_pass http://onlyoffice-document-server;
+ proxy_redirect off;
+
+ client_max_body_size 100m;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
+ proxy_set_header X-Forwarded-Proto $the_scheme;
+ }
+
+ location ~ \.php(?:$|/) {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param HTTPS off;
+ fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+ fastcgi_pass backend;
+ fastcgi_intercept_errors on;
+ }
+
+ # Adding the cache control header for js and css files
+ # Make sure it is BELOW the location ~ \.php(?:$|/) { block
+ location ~* \.(?:css|js)$ {
+ add_header Cache-Control "public, max-age=7200";
+ # Add headers to serve security related headers
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+ # Optional: Don't log access to assets
+ access_log off;
+ }
+
+ # Optional: Don't log access to other assets
+ location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
+ access_log off;
+ }
+
+ }
+}
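Review bot: The only `server` block listens on port 80 and passes `fastcgi_param HTTPS off`, yet it emits `Strict-Transport-Security` and the compose file publishes 443; unless TLS terminates on a proxy in front of this container, logins and file transfers travel in cleartext and browsers ignore the HSTS header. The `$the_scheme` and `$the_host` maps also take `X-Forwarded-Proto` and `X-Forwarded-Host` from whichever client connects, and the `/ds-vpath/` location forwards them to the document server; with port 80 published directly, these values should be honoured only from a known proxy address or replaced with `$scheme` and `$host`. The server-level `add_header` list lacks the `add_header X-Frame-Options "SAMEORIGIN";` that the css/js location sets, while `modHeadersAvailable true` presumably tells Nextcloud not to add security headers itself, so it is worth confirming that PHP responses still carry framing protection. A short comment above `listen 80;` stating where TLS is expected to terminate would make the intended deployment explicit.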