hoellen / docker-nextcloud Goto Github PK

Hi,

i was trying to get rid of my clear text secrets in the config.php
You by yourself mentioned in the readme, that by default "a lot" can be handled via docker secret or similar in config.php.

but this:
https://github.com/nextcloud/server/blob/master/lib/private/Config.php (see ENV reference NC_) doesn't work

as the official documentation is more or less non existent on this, i'm asking, is this a issue with this image or just not working at all?

i've just tried to set env vars according to the schema

dbtype in config.php

NC_dbtype=psql in environment variables.

but this breaks with a 500 internal server error.

Hi,

with the latest release of 27.0.1 the container stopped working with:

Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_set_external_entity_loader was tried and nopped in /nextcloud/lib/base.php on line 592
Config file has leading content, please remove everything before "<?php" in config.php
Fatal error: Uncaught Error: Typed static property OC::$server must not be accessed before initialization in /nextcloud/index.php:71 Stack trace: #0 {main} thrown in /nextcloud/index.php on line 71

but:

/nextcloud/config $ head -2 config.php
<?php
$CONFIG = array (

Thanks Jan

Hi @hoellen,

what do you think about multi arch builds? This can be done with little effort with github actions and uploaded to ghcr. The downside of this is, that builds needs more time the more archs are added to the pipeline.

If you like, I can propose a PR.

Chears, Jan.

From the logs:

Error loading shared library libssl.so.3: No such file or directory (needed by /usr/sbin/nginx)
Error loading shared library libcrypto.so.3: No such file or directory (needed by /usr/sbin/nginx)

So nginx is not starting ...

Index name "calobjects_index" for table "oc_calendarobjects" collides with the constraint on table "oc_calendarobjectsBroke".

is the message. Droping the index calobjects_index on oc_calendarobjects. Solves the problem.
Maybe it is an upstream problem.

I've been troubleshooting this for a couple days now, since upgrading from NC 23.0.8 to 24.0.4. Most of my calendars stopped loading and started throwing the following error:

Allowed memory size of 536870912 bytes exhausted (tried to allocate 4096 bytes) at /nextcloud/3rdparty/sabre/vobject/lib/Recur/RRuleIterator.php#680

I'm not sure if this is a bug with 24.0.4 (doesn't seem like it since others have said they've had no issues), the PHP version, or this particular image and something with its PHP configuration. But I figure it doesn't hurt to post here in case it is related, or if someone else runs into the same issue.

My issue on the NC server Github: nextcloud/calendar#4422
Similar issue someone else reported back in May: nextcloud/server#32568

Logreader needs .mjs file extension in order to properly work (blank screen when accessing the logs from settings)
Based on upstream docs for Ngnix:

[...]
    # Add .mjs as a file extension for javascript
    # Either include it in the default mime.types list
    # or include you can include that list explicitly and add the file extension
    # only for Nextcloud like below:
    include mime.types;
    types {
        text/javascript mjs;
    }
[...]

[...]
    # Serve static files
    location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
[...]

I guess other apps would required it. Tested on a 28.0.1 install. Not tested in previous versions.

You moved the database check from startup to run.sh. There, you are checking for the variable DB_HOST - if this variable is empty you are defaulting to "nextcloud-db" - the default db name is not used in every installation.

Either you have to change your readme or get the host variable for the run.sh from the config.php file. Reason is, you wrote to delete those environment variables after initial setup in your readme - so normally this environment variable is not set anymore in the compose file and uses the default value.

Hi,

first of all thank you for the awesome image!

I tried to setup a fresh installation but ran into an error.
Log output:

Enabling Snuffleupagus...
Starting automatic configuration...
Automatic configuration finished.
Nextcloud is not installed - only a limited number of commands are available


There are no commands defined in the "app" namespace.  
                                             

Exception: Not installed in /nextcloud/lib/base.php:281
Stack trace:
#0 /nextcloud/lib/base.php(697): OC::checkInstalled(Object(OC\SystemConfig))
#1 /nextcloud/lib/base.php(1164): OC::init()
#2 /nextcloud/cron.php(43): require_once('/nextcloud/lib/...')
#3 {main}
{
  "reqId": "3R5ysfM84Jmj0g3oWsdQa",
  "level": 3,
  "time": "2023-04-15T20:56:53+00:00",
  "remoteAddr": "",
  "user": "--",
  "app": "cron",
  "method": "",
  "url": "--",
  "message": "Not installed",
  "userAgent": "--",
  "version": "",
  "exception": {
    "Exception": "Exception",
    "Message": "Not installed",
    "Code": 0,
    "Trace": [{
      "file": "/nextcloud/lib/base.php",
      "line": 697,
      "function": "checkInstalled",
      "class": "OC",
      "type": "::",
      "args": [
        ["OC\\SystemConfig"]
      ]
    }, {
      "file": "/nextcloud/lib/base.php",
      "line": 1164,
      "function": "init",
      "class": "OC",
      "type": "::",
      "args": []
    }, {
      "file": "/nextcloud/cron.php",
      "line": 43,
      "args": ["/nextcloud/lib/base.php"],
      "function": "require_once"
    }],
    "File": "/nextcloud/lib/base.php",
    "Line": 281,
    "CustomMessage": "--"
  }
}

I found some somewhat related issues (1, 2, 3) but still can't get it to work.
Any idea what's going wrong?

Hey there,

since the commit 8070434 I do get the log message: waiting for the database container... and the container is not starting. I use a postgres database and it was and is connectable from within the nextcloud container. When I do occ upgrade for example the response is

Setting log level to debug
Turned on maintenance mode
Updating database schema
Updated database
Updating <calendar> ...
Updated <calendar> to 4.6.1
Starting code integrity check...
Finished code integrity check
Update successful
Turned off maintenance mode
Resetting log level

so I assume nextcloud itself can access the database.

Do you have an idea how to fix this?

thx!

Hi,

today I stumbled upon the following statement in the admin section:

There are some warnings regarding your setup.
Your web server is not properly set up to resolve "/ocm-provider/". This is most likely related to a web server configuration that was not updated to deliver this folder directly. Please compare your configuration against the shipped rewrite rules in ".htaccess" for Apache or the provided one in the documentation for Nginx at it's documentation page ↗. On Nginx those are typically the lines starting with "location ~" that need an update.

It seems to be a new check, and it seems to happen on all my instances. Is it me or is there anything we can do about this? I did not find anything on https://docs.nextcloud.com/server/27/go.php?to=admin-nginx that helped my to find the right place where to adjust the rules regarding this.

Hi @hoellen,

what's the intention to build the images weekly (https://github.com/hoellen/docker-nextcloud/blob/master/.github/workflows/build.yml#L9) but also update the normal tags (like the upstream major and minor version)?
Some people (like me) are running update frameworks like watchtower. (Re)building the images each Friday is not a bad idea at all, but I would not expect to get an image update on regular basis when following (minor/major) version tag, but when a new upstream release happens or new functions/fixes lands in the image.

Do you think that people would instead prefer a tag like "weekly/nightly" and follow this tag when they would like to follow such an image?

Regards, Jan.

Hi guys, just wanted to bump the patch level update

Hey,

I wanted to add the App "memories" which looks like something everybody wants to have ;) (reddit post). To make it run, I had to disable the PHP_HARDENING (I dont know, perhaps this can also run with it enabled with some tweaking?).

Now I wanted to add the extensions for the media types but unfortunately ffmpeg is not installed.
Can you add it, or a possibility to add it via variables? I saw it in some commit from the past, but it did not survive...

Thanks!

The new app Recognize (https://apps.nextcloud.com/apps/recognize) needs glibc. So it would be beneficial if the image would include it.

Hi,

Nextcloud Memories App https://apps.nextcloud.com/apps/memories depends on shell_exec function, whose execution is dropped by Snuffleupagus configuration in ghcr.io/hoellen/nextcloud:25 docker image.

{"reqId":"kSXRACAVK6v9d1dB9vGU","level":3,"time":"2023-05-08 19:54:11","remoteAddr":"172.17.26.1","user":"XXX","app":"PHP","method":"POST","url":"/settings/apps/enable","message":"[snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', because its argument '$command' content (ps -ef | grep go-vod-ocwgkowh3q4h | grep -v grep | awk '{print $2}') matched a rule at /nextcloud/apps2/memories/lib/Util.php#461","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0","version":"25.0.6.1","data":{"app":"PHP"}}

In particular, these two files call shell_exec multiple times:

• https://github.com/pulsejet/memories/blob/master/lib/Util.php
• https://github.com/pulsejet/memories/blob/master/lib/Service/BinExt.php

I have temporarily worked around the issue by allowing the two files to run any (!) command:

$ grep "memories" /usr/local/etc/php/conf.d/nextcloud-php8.rules | grep -v grep
sp.disable_function.function("shell_exec").param("command").filename("/nextcloud/apps2/memories/lib/Util.php").allow();
sp.disable_function.function("shell_exec").param("command").filename("/nextcloud/apps2/memories/lib/Service/BinExt.php").allow();

Nextcloud 24 throws the following error: The "X-XSS-Protection" HTTP header doesn't contain "1; mode=block". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

This happens even when nginx on the host side is configured correctly. If you inspect the page, you'll see duplicate headers, one of which is set to 0. When I go into the container's nginx conf (/etc/nginx/conf.d/default.conf), I see add_header X-XSS-Protection "0" always;.

Since it doesn't seem like I can do much via the container shell, I copied the file to the host, edited it, then copied it back to the container, and restarted it. That fixed it.

I'm still troubleshooting this issue, so I might be wrong, but:

My calendars weren't loading, so I dug into it and first saw some weird PHP errors about the allowed memory size being exhausted, which didn't really make sense, and then I also saw an error about a deprecated "Serializable interface". Long story short, it looks like this image is still using Opis/closure, while Nextcloud 24 has moved on to Laravel/serializable-closure. I'm guessing this is something that needs to be updated within the image, but again, could be wrong. Going to tinker with it some more.

Hi @hoellen,

creating a new instance resulted into:

nextcloud_1            | Starting automatic configuration...
nextcloud_1            | Automatic configuration finished.
nextcloud_1            | Nextcloud is not installed - only a limited number of commands are available
nextcloud_1            |
nextcloud_1            |
nextcloud_1            |  Command "app:disable" is not defined.
nextcloud_1            |
nextcloud_1            |
nextcloud_1            |  Do you want to run "app:check-code" instead?  (yes/no) [no]:
nextcloud_1            |  > Exception: Not installed in /nextcloud/lib/base.php:277
nextcloud_1            | Stack trace:
nextcloud_1            | #0 /nextcloud/lib/base.php(649): OC::checkInstalled(Object(OC\SystemConfig))
nextcloud_1            | #1 /nextcloud/lib/base.php(1087): OC::init()
nextcloud_1            | #2 /nextcloud/cron.php(43): require_once('/nextcloud/lib/...')
nextcloud_1            | #3 {main}

Looks like it's the same issue like Wonderfall/docker-nextcloud#90. Maybe I'm doing something wrong? Can't imagine that a real issue over there is unfixed since 4 month?

I'm posting this here in case this ends up being an issue with this container as well, like that PHP hardening issue I previously reported. It doesn't seem like others with the Suspicious Login app are getting these kinds of errors, so it could be this container. Any ideas?

nextcloud/suspicious_login#695

I've recently updated to NC29 and my instance complains about cron not being executed for over 2h.

There's a notice at the cron setting which states "The cron.php needs to be executed by the system account "nextcloud"."
I've already restarted the container two times - no visible effect.

Cron worked as expected on NC28.

Not sure if this is a bug. The other environment variables like APC_SHM_SIZE and OPCACHE_MEM_SIZE are reflected correctly in php -i.

Starting automatic configuration...
Automatic configuration finished.
Exception: Not installed in /nextcloud/lib/base.php:277
Stack trace:
#0 /nextcloud/lib/base.php(656): OC::checkInstalled(Object(OC\SystemConfig))
#1 /nextcloud/lib/base.php(1096): OC::init()
#2 /nextcloud/cron.php(43): require_once('/nextcloud/lib/...')
#3 {main}

Upgrading from the old image https://github.com/hoellen/dockerfiles/tree/master/nextcloud to this one here.
DB is run seperately, so this could be a different bug than #10

I'm not able to pull the image, even after login ghcr.io with my account. Is this an error on my end or are there permissions on your side not set correctly? Also in the README the nextcloud version (21) is wrong. It should be 23, right?