From 16bd3f492ccf129c8f100a3566be314d109ebf26 Mon Sep 17 00:00:00 2001 From: Abhay Kumar <163823435+its-abhaykumar@users.noreply.github.com> Date: Mon, 5 Jan 2026 22:48:39 +0530 Subject: [PATCH 1/4] Add PostgreSQL SSL options to entrypoint script Signed-off-by: Abhay Kumar <163823435+its-abhaykumar@users.noreply.github.com> --- 31/fpm/entrypoint.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/31/fpm/entrypoint.sh b/31/fpm/entrypoint.sh index e3b88f147..4e3a851c0 100755 --- a/31/fpm/entrypoint.sh +++ b/31/fpm/entrypoint.sh @@ -216,6 +216,15 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_DB file_env POSTGRES_PASSWORD file_env POSTGRES_USER + if [ -n "$POSTGRES_SSLMODE" ]; then + # 1000 is the internal PHP PDO constant for PDO::PGSQL_ATTR_SSL_MODE + run_as 'php /var/www/html/occ config:system:set dbdriveroptions 1000 --value="'$POSTGRES_SSLMODE'" --type=string' +fi + +if [ -n "$POSTGRES_SSLCA" ]; then + # 1012 is the internal PHP PDO constant for PDO::PGSQL_ATTR_SSL_CA + run_as 'php /var/www/html/occ config:system:set dbdriveroptions 1012 --value="'$POSTGRES_SSLCA'" --type=string' +fi if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" From e89fca93ebf41176125f504f53bc79b1f2609212 Mon Sep 17 00:00:00 2001 From: Abhay Kumar <163823435+its-abhaykumar@users.noreply.github.com> Date: Mon, 5 Jan 2026 22:50:32 +0530 Subject: [PATCH 2/4] Add SSL options for PostgreSQL configuration Signed-off-by: Abhay Kumar <163823435+its-abhaykumar@users.noreply.github.com> --- 31/apache/entrypoint.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/31/apache/entrypoint.sh b/31/apache/entrypoint.sh index e3b88f147..1624918db 100755 --- a/31/apache/entrypoint.sh +++ b/31/apache/entrypoint.sh @@ -216,7 +216,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_DB file_env POSTGRES_PASSWORD file_env POSTGRES_USER + if [ -n "$POSTGRES_SSLMODE" ]; then + run_as 'php /var/www/html/occ config:system:set dbdriveroptions 1000 --value="'$POSTGRES_SSLMODE'" --type=string' + fi + if [ -n "$POSTGRES_SSLCA" ]; then + run_as 'php /var/www/html/occ config:system:set dbdriveroptions 1012 --value="'$POSTGRES_SSLCA'" --type=string' + fi if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 From 7e20e2db9399f20eec3d3241392e2aaf042152b6 Mon Sep 17 00:00:00 2001 From: Abhay Kumar <163823435+its-abhaykumar@users.noreply.github.com> Date: Mon, 5 Jan 2026 22:51:35 +0530 Subject: [PATCH 3/4] Enhance entrypoint.sh for PostgreSQL SSL configuration Add support for PostgreSQL SSL mode and CA options in entrypoint script. Signed-off-by: Abhay Kumar <163823435+its-abhaykumar@users.noreply.github.com> --- 32/apache/entrypoint.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/32/apache/entrypoint.sh b/32/apache/entrypoint.sh index e3b88f147..39b1a7750 100755 --- a/32/apache/entrypoint.sh +++ b/32/apache/entrypoint.sh @@ -216,6 +216,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_DB file_env POSTGRES_PASSWORD file_env POSTGRES_USER + if [ -n "$POSTGRES_SSLMODE" ]; then + run_as 'php /var/www/html/occ config:system:set dbdriveroptions 1000 --value="'$POSTGRES_SSLMODE'" --type=string' + fi + + if [ -n "$POSTGRES_SSLCA" ]; then + run_as 'php /var/www/html/occ config:system:set dbdriveroptions 1012 --value="'$POSTGRES_SSLCA'" --type=string' + fi if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" From bfe5e81dd48e98b7cf95032959f1f580fdd6f1ee Mon Sep 17 00:00:00 2001 From: Abhay Kumar <163823435+its-abhaykumar@users.noreply.github.com> Date: Tue, 6 Jan 2026 05:27:00 +0000 Subject: [PATCH 4/4] feat: add support for POSTGRES_SSLMODE environment variable Signed-off-by: Abhay Kumar <163823435+its-abhaykumar@users.noreply.github.com> --- 32/apache/Dockerfile | 10 +++++----- 32/apache/entrypoint.sh | 14 ++++++-------- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/32/apache/Dockerfile b/32/apache/Dockerfile index ceff3a6d5..2ae2914e4 100644 --- a/32/apache/Dockerfile +++ b/32/apache/Dockerfile @@ -19,9 +19,9 @@ RUN set -ex; \ # install the PHP extensions we need # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128 +ENV PHP_MEMORY_LIMIT=512M +ENV PHP_UPLOAD_LIMIT=512M +ENV PHP_OPCACHE_MEMORY_CONSUMPTION=128 RUN set -ex; \ \ savedAptMark="$(apt-mark showmanual)"; \ @@ -144,13 +144,13 @@ RUN a2enmod headers rewrite remoteip ; \ a2enconf remoteip # set apache config LimitRequestBody -ENV APACHE_BODY_LIMIT 1073741824 +ENV APACHE_BODY_LIMIT=1073741824 RUN { \ echo 'LimitRequestBody ${APACHE_BODY_LIMIT}'; \ } > /etc/apache2/conf-available/apache-limits.conf; \ a2enconf apache-limits -ENV NEXTCLOUD_VERSION 32.0.3 +ENV NEXTCLOUD_VERSION=32.0.3 RUN set -ex; \ fetchDeps=" \ diff --git a/32/apache/entrypoint.sh b/32/apache/entrypoint.sh index 39b1a7750..7e403b63b 100755 --- a/32/apache/entrypoint.sh +++ b/32/apache/entrypoint.sh @@ -216,14 +216,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP file_env POSTGRES_DB file_env POSTGRES_PASSWORD file_env POSTGRES_USER - if [ -n "$POSTGRES_SSLMODE" ]; then - run_as 'php /var/www/html/occ config:system:set dbdriveroptions 1000 --value="'$POSTGRES_SSLMODE'" --type=string' - fi - - if [ -n "$POSTGRES_SSLCA" ]; then - run_as 'php /var/www/html/occ config:system:set dbdriveroptions 1012 --value="'$POSTGRES_SSLCA'" --type=string' - fi - + if [ -n "${SQLITE_DATABASE+x}" ]; then echo "Installing with SQLite database" # shellcheck disable=SC2016 @@ -270,6 +263,11 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi run_path post-installation + + if [ -n "$POSTGRES_SSLMODE" ]; then + echo "Configuring Postgres SSL Mode..." + run_as 'php /var/www/html/occ config:system:set dbdriveroptions 1000 --value="'$POSTGRES_SSLMODE'" --type=string' + fi fi fi # not enough specified to do a fully automated installation