From 9c579920db6f02d7d93a1a942ceedd3c155cf0d2 Mon Sep 17 00:00:00 2001
From: tobiasKaminsky
Date: Mon, 14 Mar 2022 15:33:43 +0100
Subject: [PATCH] Add CI server for 7.2 to test against NC16
Signed-off-by: tobiasKaminsky
---
server-php7.2/Dockerfile | 47 +++++++++++++++++++++++++
server-php7.2/initAndRun.sh | 3 ++
server-php7.2/initnc.sh | 50 +++++++++++++++++++++++++++
server-php7.2/opcache-recommended.ini | 7 ++++
server-php7.2/run.sh | 20 +++++++++++
server-php7.2/ssl/default-ssl.conf | 27 +++++++++++++++
server-php7.2/ssl/dhparam.pem | 8 +++++
server-php7.2/ssl/nextcloud.crt | 21 +++++++++++
server-php7.2/ssl/nextcloud.key | 28 +++++++++++++++
server-php7.2/ssl/ssl-params.conf | 16 +++++++++
10 files changed, 227 insertions(+)
create mode 100644 server-php7.2/Dockerfile
create mode 100755 server-php7.2/initAndRun.sh
create mode 100755 server-php7.2/initnc.sh
create mode 100644 server-php7.2/opcache-recommended.ini
create mode 100755 server-php7.2/run.sh
create mode 100644 server-php7.2/ssl/default-ssl.conf
create mode 100644 server-php7.2/ssl/dhparam.pem
create mode 100644 server-php7.2/ssl/nextcloud.crt
create mode 100644 server-php7.2/ssl/nextcloud.key
create mode 100644 server-php7.2/ssl/ssl-params.conf
diff --git a/server-php7.2/Dockerfile b/server-php7.2/Dockerfile
new file mode 100644
index 00000000..f04d4e45
--- /dev/null
+++ b/server-php7.2/Dockerfile
@@ -0,0 +1,47 @@
+FROM debian:stable
+
+# Update repos install packages and cleanup
+# all in one step so we avoid large intermediate layers.
+RUN apt-get update && \
+ apt-get install -y wget gnupg2 git libzip4 apt-transport-https lsb-release ca-certificates && \
+ wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg && \
+ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list && \
+ apt-get update && \
+ apt-get install -y php7.2-cli php7.2-common php7.2-mbstring \
+ php7.2-gd php7.2-imagick php7.2-intl php7.2-bz2 php7.2-xml \
+ php7.2-mysql php7.2-zip php7.2-dev curl php7.2-curl \
+ php-dompdf php7.2-apcu redis-server php7.2-redis php7.2-smbclient \
+ php7.2-ldap unzip php7.2-pgsql php7.2-sqlite make apache2 \
+ php7.2-json php7.2-opcache libmagickcore-6.q16-2-extra \
+ libapache2-mod-php7.2 && \
+ apt-get autoremove -y && apt-get autoclean && apt-get clean && \
+ rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/*
+
+COPY opcache-recommended.ini /usr/local/etc/php/conf.d/
+
+WORKDIR /var/www/html
+
+RUN rm -rf /var/www/html
+RUN mkdir -p /var/www/html
+
+RUN git clone https://github.com/nextcloud/server.git .
+RUN git submodule update --init
+
+RUN chown -R www-data:www-data .
+RUN chsh -s /bin/bash www-data
+
+ADD initnc.sh /usr/local/bin/
+ADD run.sh /usr/local/bin/
+ADD initAndRun.sh /usr/local/bin/
+
+# self signed cert
+ADD ssl/dhparam.pem /etc/ssl/certs/
+ADD ssl/default-ssl.conf /etc/apache2/conf-available/ssl-params.conf
+ADD ssl/nextcloud.crt /etc/ssl/certs/nextcloud.crt
+ADD ssl/nextcloud.key /etc/ssl/private/nextcloud.key
+ADD ssl/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf
+
+RUN chmod +x /usr/local/bin/*
+
+EXPOSE 80
+ENTRYPOINT ["/usr/local/bin/initAndRun.sh"]
diff --git a/server-php7.2/initAndRun.sh b/server-php7.2/initAndRun.sh
new file mode 100755
index 00000000..f8e3a427
--- /dev/null
+++ b/server-php7.2/initAndRun.sh
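Review bot: In the Dockerfile, `ADD ssl/default-ssl.conf /etc/apache2/conf-available/ssl-params.conf` installs the virtual-host file under the ssl-params name, so the `ssl/ssl-params.conf` added by this patch (cipher list, HSTS and other headers, DH parameters) never reaches the image, and `a2enconf ssl-params` in run.sh enables a second copy of the vhost instead. The source should be the params file: `COPY ssl/ssl-params.conf /etc/apache2/conf-available/ssl-params.conf`. The remaining `ADD` lines copy plain local files and could be `COPY` as well. Separately, `FROM debian:stable` and the unpinned `git clone` make the image depend on whatever is current at build time; pinning the base to a release tag or digest would make CI results reproducible.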
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+/usr/local/bin/initnc.sh
+/usr/local/bin/run.sh
diff --git a/server-php7.2/initnc.sh b/server-php7.2/initnc.sh
new file mode 100755
index 00000000..6d51a8c7
--- /dev/null
+++ b/server-php7.2/initnc.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+export BRANCH=${BRANCH:=master}
+
+# Where we do all the work
+cd /var/www/html/
+
+# Update code
+su www-data -c "
+git fetch origin
+git checkout ${BRANCH}
+git pull
+git submodule update
+
+# Creating data
+mkdir -p /var/www/html/data
+
+# Init
+php occ maintenance:install --admin-user=admin --admin-pass=admin
+OC_PASS=test php occ user:add --password-from-env -- test
+
+# Trusted domains
+php occ config:system:set trusted_domains 1 --value=*
+php occ config:system:set loglevel --value='0'
+"
+
+# allow eval script for executing javascript in webview (LoginIT test for Android)
+# it needs EVAL set to true within environment in .drone.yml
+
+if test -z "$EVAL"
+then
+ echo "\$EVAL not set, ignoring..."
+else
+ echo "\$EVAL is set, allowing eval script in ContentSecurityPolicy.php"
+ sed -i s'/protected $evalScriptAllowed = false;/protected $evalScriptAllowed = true;/' lib/public/AppFramework/Http/ContentSecurityPolicy.php
+fi
+
+
+if test -z "$REDIS"
+then
+ echo "\$REDIS not set, ignoring..."
+else
+ su www-data -c "
+ php occ config:system:set redis host --value=${REDIS}
+ php occ config:system:set redis port --value=6379 --type=integer
+ php occ config:system:set redis timeout --value=0 --type=integer
+ php occ config:system:set --type string --value '\\OC\\Memcache\\Redis' memcache.local
+ php occ config:system:set --type string --value '\\OC\\Memcache\\Redis' memcache.distributed
+ "
+fi
diff --git a/server-php7.2/opcache-recommended.ini b/server-php7.2/opcache-recommended.ini
new file mode 100644
index 00000000..f588f0c3
--- /dev/null
+++ b/server-php7.2/opcache-recommended.ini
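Review bot: initAndRun.sh starts run.sh as a child process and run.sh in turn starts `apache2 -DFOREGROUND` as a child, so PID 1 in the container is a wrapper shell that typically does not forward the stop signal, and Apache is killed at the stop timeout instead of shutting down. Use `exec /usr/local/bin/run.sh "$@"` here and `exec apache2 -DFOREGROUND "$@"` on the last line of run.sh. Passing `"$@"` also matters because run.sh forwards its arguments to apache2, but initAndRun.sh currently drops whatever was given to the container.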
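Review bot: In initnc.sh, `${BRANCH}` and `${REDIS}` are expanded by the outer shell and pasted into the double-quoted `su www-data -c "…"` strings, so the inner shell re-parses their values; whitespace or a shell metacharacter in either variable changes the commands that run as www-data. Let the inner shell expand a quoted variable instead, e.g. `git checkout \"\$BRANCH\"` and `--value=\"\$REDIS\"` (su without `-l` normally keeps the caller's environment, which is worth confirming on this base image). The script also has no `set -e`, inside or outside the `su -c` strings, so a failed `git checkout` or `occ maintenance:install` does not stop the container from starting and CI may test a server that was never set up as intended. The fixed `admin`/`admin` and `test`/`test` accounts and the `*` trusted domain deserve a leading comment such as `# CI only: fixed credentials and wildcard trusted domain, never expose this container outside the test network`.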
@@ -0,0 +1,7 @@
+opcache.enable=1
+opcache.enable_cli=1
+opcache.interned_strings_buffer=8
+opcache.max_accelerated_files=10000
+opcache.memory_consumption=128
+opcache.save_comments=1
+opcache.revalidate_freq=1
\ No newline at end of file
diff --git a/server-php7.2/run.sh b/server-php7.2/run.sh
new file mode 100755
index 00000000..634f1d40
--- /dev/null
+++ b/server-php7.2/run.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+cd /var/www/html/
+
+. /etc/apache2/envvars
+
+# allow php and apache2 to create their run socket
+mkdir -p /run/php
+mkdir -p /var/run/apache2
+
+tail -f data/nextcloud.log &
+
+a2enmod ssl
+a2enmod headers
+a2ensite default-ssl
+a2enconf ssl-params
+apache2ctl configtest
+
+apache2 -DFOREGROUND "$@"
diff --git a/server-php7.2/ssl/default-ssl.conf b/server-php7.2/ssl/default-ssl.conf
new file mode 100644
index 00000000..a3834c5c
--- /dev/null
+++ b/server-php7.2/ssl/default-ssl.conf
@@ -0,0 +1,27 @@
+
+
+ ServerAdmin webmaster@localhost
+
+ DocumentRoot /var/www/html
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SSLEngine on
+
+ SSLCertificateFile /etc/ssl/certs/nextcloud.crt
+ SSLCertificateKeyFile /etc/ssl/private/nextcloud.key
+
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+
+
diff --git a/server-php7.2/ssl/dhparam.pem b/server-php7.2/ssl/dhparam.pem
new file mode 100644
index 00000000..7418a9d6
--- /dev/null
+++ b/server-php7.2/ssl/dhparam.pem
@@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA26d/5lCEkFVOOHNm4BPAcT6XXjkTceBwk+XBBAJb95uUznJwknlu +RaiH04o6gJb43sSdOzaXKkcehXlk+XFKC4OzSbzcVSatrrnvBbwsPG1t1kwZWWw6 +4HsNRVDFhPk+YGU3pViujS5KNRUU28XGJaGoEv6LkgvkoSDxW4n8w1W3xJgZwfH8 +oy4PiResVejsSpS50f6WmBDzGx1YqBKrQPezFzoOxb2WTASf3GBpW+VqkdcS2t2u +ALh4r/CqSlQtLeOMVwvzc/shiW4ZJgpM9WIa7qoKJodt0CLn8/+FYjJab5PhfwKH +Mm85wnMkkUpY4n3NqzTTZ9p9CI9rzAEUIwIBAg== +-----END DH PARAMETERS----- diff --git a/server-php7.2/ssl/nextcloud.crt b/server-php7.2/ssl/nextcloud.crt new file mode 100644 index 00000000..2f03000b --- /dev/null +++ b/server-php7.2/ssl/nextcloud.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDazCCAlOgAwIBAgIUX0P/knbu3gFXra20pX7t9NNcytIwDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDAxMjcwODUyMjlaFw0zMDAx +MjQwODUyMjlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC+UfZFIMu1yWLrdWxH71WusFt832LUi8c28hzfFB0y +g9q6Lhm/8peCqvldXq0t3/zGpTIwoHpmyQ9niiJXtwZYoYAtN3kfyO9NxRyCBpaM +Dz3F5uOD2a/Ut0LV/+/RJMHIvjoeZ0FA0dBEZCgP38gTiXZYx+/RuyZ2ZMx81uo3 +jchluojHRUpLNSiQkmbTNe86rqNztKuUkQZhqImj/M1XxbpIQqdRuugh/B2/um3n +H7Sxj8LoYRvZDIYoCD8GHcDK2ybxjfnboJwyOvr258vazqVAj7yfWFuBjP0qfnON +InoR1AparLl2vaapHm1NO77vTQkYITWPioWFjKuxfNQ7AgMBAAGjUzBRMB0GA1Ud +DgQWBBQvlNeRfCuEm1mJeoQVX4oJ78JL3zAfBgNVHSMEGDAWgBQvlNeRfCuEm1mJ +eoQVX4oJ78JL3zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA+ +MU+rJQH3cACCtHg9pIMfeNVpfix3VpiLBxjjsFvmKmsvZRre+hk2jhykVr2b5r4W +RWhBhZeCa1s8QXq/YnY4I2oVeK3FTy417XI79okOUylzrqAgMJfvnigjQCz1N64I +AbFpWqSwLGBezSFvxjkJtk7GuVEXBuD7REqZHfu6ksV9Axhv2pr6YFiGJMgsG3yC +JI2hfkGjAIdqoguZc/qWJC7Vx8rYi/hoq+U+WHOsGD6C9/AMCGmlVQpdqYdw7g3+ +6+pwIqK1lSIhEP5WzJR3QawVqc9q4Wxnz7BYMo6/qpVpBSzhW4qPy0Gsx8Pa27OD +4nAEqYAYpUMeLOzmpjyy +-----END CERTIFICATE----- 
diff --git a/server-php7.2/ssl/nextcloud.key b/server-php7.2/ssl/nextcloud.key new file mode 100644 index 00000000..feadbb40 --- /dev/null +++ b/server-php7.2/ssl/nextcloud.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+UfZFIMu1yWLr +dWxH71WusFt832LUi8c28hzfFB0yg9q6Lhm/8peCqvldXq0t3/zGpTIwoHpmyQ9n +iiJXtwZYoYAtN3kfyO9NxRyCBpaMDz3F5uOD2a/Ut0LV/+/RJMHIvjoeZ0FA0dBE +ZCgP38gTiXZYx+/RuyZ2ZMx81uo3jchluojHRUpLNSiQkmbTNe86rqNztKuUkQZh +qImj/M1XxbpIQqdRuugh/B2/um3nH7Sxj8LoYRvZDIYoCD8GHcDK2ybxjfnboJwy +Ovr258vazqVAj7yfWFuBjP0qfnONInoR1AparLl2vaapHm1NO77vTQkYITWPioWF +jKuxfNQ7AgMBAAECggEBAKJyjTVWF+rzmVaHJMSF2enAqGZ+ufnX0VPp9pDGt2E9 +wH24CcyYAZDL5Qs4W7NTg4v+x0dQQwnmxhpHgqbCF02hlCmENwPVW8VS4NFvVCL6 +g2yfdkU9kuKLBiZpTcaDjFCPZkY7Nixgqlcl8jgSd9GNPJHtHpszFlJqGUzZmJOP +HY0dSnhxfqIheHAgixuvcB/WT2RzqpAowpXDWaAXhFFtETgEpT/ckU2FIWsKS7qV +l7A9vZk9k0WWQCNvVI/pkz2SZrg4R3q2nLk5gnuSz2/qDvt7pPUgK18MA7oK0Sj2 +Wij5z6VYN/rgdxFxsouZ6iF3j59muqEZ2ZKwb0uI8tkCgYEA5WV/aPwYkSZOGqKZ ++6RbkcacG2R41B6YXW0+IlVwk5+nv6U1yURI8/LWJ2r5oVX0Z7XsNtoFfkArPT8j +uHyPFZuHPLDcWoH89Y9xnq+mXdaX+/AYKMea2rebeDdnUFl9aFZcEUewZ4vKcPDq +GYZ143THOJElpjD5OWpqUvIB8M0CgYEA1GRWDcAEfwaBazePJ9AFyqCHvwFI2jGZ +JZYecnBwpWg04rheKV0+sVOyuCHbBeMfQRzNWnYp8zUZG/F+g0FDWETMIauUn4PT +AEZcOTamqPPo+iwo18asmaDth5zfcjpvESijnYgNCBTb2iHXw8c6eYhO64mVxEhd +fTxkE+jhuScCgYEAwpRTfJPJquVY/tLJ1l/VpFNZewrASv0gtK7DM5BRi4azXaYf +d3dKglKLQKhG0oj8ZTQ1B1nrqul3Q95YyFYvcF6aWeqTHtp/3TMtZzMK5THvfS5s +77pQKhHv+ArWwZsG+we11JqAkXRL5X0UtU4OlT8q9Vp5Gv0TiZYwVecdqkkCgYAb +dL0LGf96zER+r7f51ZJqF0Z1Ep1wV2kMytM0yARH3ai4hkzl2//2vHMmCnpd0HaB +3E9Pmmbh4cNVMWrBXPZvurUIxT15QXlNV8skOkRhIubDMGI3Qp+dXIhYN5dLFPK2 +rSI5gxTsLoYdNLLHxEFy5IQPPsH1lcVAI0ZsrHZBkQKBgEyW0iUdIdIZDGR2R+wX +NOnRfIN8o8Y4YUTLA6bkV6NPSHkz6l5kO27W36CO0+xmQWS4AH/4hpIgZBZZ4J/t +XRf8zYRVGuAVZnlXMl4N8D8HZigRwCoP2UgrIUuC7aXB2WEu0ZZ2nWngws8vBOFf +a6aexBOQw4Qgl6Mh3Ecw+7hP +-----END PRIVATE KEY----- 
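Review bot: The private key matching `ssl/nextcloud.crt` is committed in clear text and copied into the image by the Dockerfile, so it is known to everyone who can read the repository or pull the image, and TLS served with this pair authenticates nothing. That is tolerable only for a throwaway CI endpoint, and the certificate should never be added to a device or CI trust store. Generating the pair when the container starts (in run.sh, before `a2ensite default-ssl`) avoids shipping a shared key, e.g. `openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=localhost" -keyout /etc/ssl/private/nextcloud.key -out /etc/ssl/certs/nextcloud.crt`, assuming openssl is present in the image. If the fixed pair is kept because test clients pin it, a README line next to the file marking it as test-only would make that explicit.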
diff --git a/server-php7.2/ssl/ssl-params.conf b/server-php7.2/ssl/ssl-params.conf
new file mode 100644
index 00000000..075418bf
--- /dev/null
+++ b/server-php7.2/ssl/ssl-params.conf
@@ -0,0 +1,16 @@
+# from https://cipherli.st/
+# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
+
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+SSLProtocol All -SSLv2 -SSLv3
+SSLHonorCipherOrder On
+Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
+Header always set X-Frame-Options DENY
+Header always set X-Content-Type-Options nosniff
+# Requires Apache >= 2.4
+SSLCompression off
+SSLSessionTickets Off
+SSLUseStapling on
+SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
+
+SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
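Review bot: In ssl-params.conf, `SSLProtocol All -SSLv2 -SSLv3` still leaves TLS 1.0 and 1.1 enabled wherever the linked OpenSSL supports them; unless old test clients need them, an allow-list is clearer: `SSLProtocol -all +TLSv1.2`, adding `+TLSv1.3` where the Apache and OpenSSL versions in the image support it. `SSLUseStapling on` has nothing to staple for the self-signed certificate this patch ships, so it will probably only add stapling errors to the log and could be dropped for the CI image. A comment above the HSTS header, such as `# clients cache this for two years; do not serve from a hostname that real browsers also use`, would help anyone reusing the file outside CI.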