Add in-container nextcloud install

This increases the size of the container image, but reduces the reliance
on the external volume for loading application data. This couples the application
code to the container image rather than to the container state.

Makefile

@@ -1,20 +0,0 @@
-REPOSITORY_PROXY   = dev.enpaul.net/skylab/nxcloud-proxy
-REPOSITORY_SERVER  = dev.enpaul.net/skylab/nxcloud-server
-
-
-.PHONY: help docs
-# source: https://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
-help: ## List Makefile targets
-	$(info Makefile documentation)
-	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-10s\033[0m %s\n", $$1, $$2}'
-
-
-image:  ## Build image
-	podman build ./php-fpm --tag $(REPOSITORY_SERVER):latest
-	podman build ./nginx --tag $(REPOSITORY_PROXY):latest
-
-push: image  ## Build and publish image
-	podman login $(shell echo $(REPOSITORY_SERVER) | cut -d '/' -f 1)
-	podman push $(REPOSITORY_SERVER):latest
-	podman login $(shell echo $(REPOSITORY_PROXY) | cut -d '/' -f 1)
-	podman push $(REPOSITORY_PROXY):latest

docker-compose.yml

@@ -2,70 +2,79 @@
 services:
 
   nginx:
+    container_name: nginx-nextcloud
     build: ./nginx
     ports:
-      - 8080:80
+      - 80:80
       - 443:443
     volumes:
-      - ./appdata/application:/var/www/html
+      - ${NEXTCLOUD_DIR}:/var/www/html
-      - ./appdata/data:/data
+      - ${DATA_DIR}:/data
     environment:
-      - NEXTCLOUD_PHP_FPM_HOST=nxcloud-server-1:9000
+      - NEXTCLOUD_PHP_FPM_HOST=${NEXTCLOUD_PHP_FPM_HOST}
-      - NEXTCLOUD_DOMAIN=localhost
+      - NEXTCLOUD_DOMAIN=${NEXTCLOUD_DOMAIN}
-      - NEXTCLOUD_MAX_UPLOAD_SIZE=4G
+      - NEXTCLOUD_MAX_UPLOAD_SIZE=${NEXTCLOUD_MAX_UPLOAD_SIZE}
     networks:
       - nextcloud
     depends_on:
-      - server
+      - php-fpm-nextcloud
-      - redis
+      - redis-nextcloud
-      - mariadb
+      - mariadb-nextcloud
 
-  server:
+  php-fpm-nextcloud:
+    container_name: php-fpm-nextcloud
     build:
       context: ./php-fpm
       tags:
-        - vcs.enp.one/skylab/nextcloud-server:latest
+        - localhost/php-fpm-nextcloud:latest
     volumes:
-      - ./appdata/application:/var/www/html
+      - ${NEXTCLOUD_DIR}:/var/www/html
-      - ./appdata/data:/data
+      - ${DATA_DIR}:/data
     networks:
       - nextcloud
 
-  mariadb:
+  mariadb-nextcloud:
+    container_name: mariadb-nextcloud
     image: mariadb
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    restart: always
     volumes:
-      - ./appdata/database:/var/lib/mysql
+      - ./mariadb:/var/lib/mysql
     environment:
-      - MARIADB_RANDOM_ROOT_PASSWORD=true
+      - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASS}
-      - MYSQL_PASSWORD=nextcloud
+      - MYSQL_PASSWORD=${MARIADB_PASS}
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
     networks:
       - nextcloud
 
-  redis:
+  redis-nextcloud:
+    container_name: redis-nextcloud
+#    image: redis:latest
+# keydb is a fork and drop-in replacement for Redis
     image: eqalpha/keydb
+    restart: unless-stopped
     networks:
       - nextcloud
 
-  cron:
+  cron-nextcloud:
-    image: vcs.enp.one/skylab/nextcloud-server:latest
+    container_name: cron-nextcloud
+    image: localhost/php-fpm-nextcloud:latest
+    restart: unless-stopped
     command:
+      - bash
       - -c
-      - "'while true; do php --define apc.enable_cli=1 /var/www/html/cron.php; sleep 300; done'"
+      - "'while true; do php --define apc.enable_cli=1 /var/www/html/cron.php && sleep 300; done'"
     networks:
       - nextcloud
     user: www-data
-    entrypoint:
-      - /bin/bash
     volumes:
-      - ./appdata/application:/var/www/html
+      - ${NEXTCLOUD_DIR}:/var/www/html
-      - ./appdata/data:/data
+      - ${DATA_DIR}:/data
     depends_on:
-      - server
+      - php-fpm-nextcloud
-      - redis
+      - redis-nextcloud
-      - mariadb
+      - mariadb-nextcloud
 
 networks:
   nextcloud:

nginx/Dockerfile

@@ -1,10 +1,28 @@
-FROM docker.io/library/nginx:latest
+FROM docker.io/library/debian:latest AS unpack
+
+RUN apt-get update --yes
+RUN apt-get install unzip --yes
+RUN mkdir --parents /download
+
+WORKDIR /download
+
+ADD https://download.nextcloud.com/server/releases/latest.zip /download/latest.zip
+RUN unzip latest.zip
+
+FROM docker.io/library/nginx:latest AS final
 
 ENV NEXTCLOUD_DOMAIN=example.com
-ENV NEXTCLOUD_PHP_FPM_HOST=server:9000
+ENV NEXTCLOUD_PHP_FPM_HOST=php-fpm-nextcloud:9000
 ENV NEXTCLOUD_MAX_UPLOAD_SIZE=512M
 
 ADD nginx.conf.template /nginx.conf.template
 ADD docker-entrypoint.sh /docker-entrypoint.sh
 
+RUN mkdir --parents /var/www/html
+WORKDIR /var/www/html
+
+COPY --from=unpack /download/nextcloud /var/www/html/nextcloud
+RUN chown -R root:root nextcloud/
+RUN chmod -R 0755 nextcloud/
+
 ENTRYPOINT ["sh", "-c", "/docker-entrypoint.sh"]

nginx/nginx.conf.template

@@ -13,8 +13,8 @@ http {
     }
 
     server {
-        listen 80 http2;
+        listen 80;
-        listen [::]:80 http2;
+        listen [::]:80;
         # INFO: Set this to your domain
         server_name ${NEXTCLOUD_DOMAIN};
 
@@ -154,7 +154,6 @@ http {
             fastcgi_request_buffering off;
 
             fastcgi_max_temp_file_size 0;
-            fastcgi_read_timeout 600;
         }
 
         # Serve static files

php-fpm/Dockerfile

@@ -15,6 +15,7 @@ RUN apt-get update && apt-get install -y \
     libldap2-dev \
     libsmbclient-dev \
     libcurl4-openssl-dev \
+    unzip \
     && rm -rf /var/lib/apt/lists/*
 
 # Download and install the docker-php-extension-installer script
@@ -55,19 +56,20 @@ RUN install-php-extensions \
     redis \
     imagick \
     sysvsem \
-    opcache \
+    opcache
-    pgsql
 
 
 # Copy optimized php.ini-development and production
 COPY ./php.ini-production /usr/local/etc/php/php.ini
 
-# Copy optimized php-fpm.ini
-COPY ./php-fpm.ini /usr/local/etc/php-fpm.d/zz-pm-tuning.conf
-
 # Set the working directory
 WORKDIR /var/www/html
 
+RUN curl -sSLo latest.zip https://download.nextcloud.com/server/releases/latest.zip
+RUN unzip latest.zip
+RUN rm latest.zip
+RUN chown -R www-data:www-data nextcloud/
+
 # Expose port 9000 for PHP-FPM
 # EXPOSE 9000
 

php-fpm/php-fpm.ini

@@ -1,6 +0,0 @@
-pm = static
-pm.max_children = 800
-pm.start_servers = 200
-pm.min_spare_servers = 200
-pm.max_spare_servers = 600
-rlimit_files = 4096

php-fpm/php.ini-production

@@ -348,13 +348,13 @@ disable_classes =
 ; the file operations performed.
 ; Note: if open_basedir is set, the cache is disabled
 ; https://php.net/realpath-cache-size
-realpath_cache_size = 4096k
+;realpath_cache_size = 4096k
 
 ; Duration of time, in seconds for which to cache realpath information for a given
 ; file or directory. For systems with rarely changing files, consider increasing this
 ; value.
 ; https://php.net/realpath-cache-ttl
-realpath_cache_ttl = 120
+;realpath_cache_ttl = 120
 
 ; Enables or disables the circular reference collector.
 ; https://php.net/zend.enable-gc
@@ -432,7 +432,7 @@ max_input_time = 60
 
 ; Maximum amount of memory a script may consume
 ; https://php.net/memory-limit
-memory_limit = 8G
+memory_limit = 2048M
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ; Error handling and logging ;
@@ -855,7 +855,7 @@ file_uploads = On
 upload_max_filesize = 10G
 
 ; Maximum number of files that can be uploaded via a single request
-max_file_uploads = 100
+max_file_uploads = 20
 
 ;;;;;;;;;;;;;;;;;;
 ; Fopen wrappers ;
@@ -1789,14 +1789,14 @@ opcache.enable=1
 opcache.enable_cli=1
 
 ; The OPcache shared memory storage size.
-opcache.memory_consumption=256
+opcache.memory_consumption=128
 
 ; The amount of memory for interned strings in Mbytes.
-opcache.interned_strings_buffer=24
+opcache.interned_strings_buffer=16
 
 ; The maximum number of keys (scripts) in the OPcache hash table.
 ; Only numbers between 200 and 1000000 are allowed.
-opcache.max_accelerated_files=10000
+opcache.max_accelerated_files=4000
 
 ; The maximum percentage of "wasted" memory until a restart is scheduled.
 ;opcache.max_wasted_percentage=5
@@ -1814,7 +1814,7 @@ opcache.validate_timestamps=1
 ; How often (in seconds) to check file timestamps for changes to the shared
 ; memory storage allocation. ("1" means validate once per second, but only
 ; once per request. "0" means always validate)
-opcache.revalidate_freq=1
+opcache.revalidate_freq=60
 
 ; Enables or disables file search in include_path optimization
 ;opcache.revalidate_path=0
@@ -1972,10 +1972,3 @@ opcache.save_comments=1
 
 ; List of headers files to preload, wildcard patterns allowed.
 ;ffi.preload=
-
-
-; Useful Nextcloud optimizations and additions
-apc.enable_cli=1
-opcache.jit_buffer_size = 128M
-opcache.jit = tracing
-opcache.jit = 1235