Merge branch 'CVE' of adasauce/nextcloud-docker into master

changes are pulled from nextcloud blogpost covering the issue.
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/

should also pull and build a new web container.

docker-compose.yml

@@ -2,7 +2,7 @@ version: '3'
 
 services:
   db:
-    image: postgres:alpine
+    image: postgres:11-alpine
     restart: always
     volumes:
       - db:/var/lib/postgresql/data
@@ -46,11 +46,29 @@ services:
       while /bin/true; do
         echo Starting cron
         su -s "/bin/sh" -c "/usr/local/bin/php /var/www/html/cron.php" www-data
-        echo $$(date) - Running cron finished
+        echo \$$(date) - Running cron finished
         sleep 900
       done
       EOF'
 
+  thumbnailer:
+    image: nextcloud:fpm-alpine
+    restart: always
+    volumes:
+      - nextcloud:/var/www/html
+    depends_on:
+      - app
+    entrypoint: |
+      sh -c 'sh -s <<EOF
+      trap "break;exit" SIGHUP SIGINT SIGTERM
+      while /bin/true; do
+        echo Starting thumbnail cron
+        su -s "/bin/sh" -c "/usr/local/bin/php occ preview:pre-generate" www-data
+        echo \$$(date) - Running thumbnail cron finished
+        sleep 60
+      done
+      EOF'
+
   proxy:
     build: ./proxy
     restart: always

web/nginx.conf

@@ -94,7 +94,7 @@ http {
         #pagespeed off;
 
         location / {
-            rewrite ^ /index.php$request_uri;
+            rewrite ^ /index.php;
         }
 
         location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
@@ -104,14 +104,16 @@ http {
             deny all;
         }
 
-        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
-            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+            try_files $fastcgi_script_name =404;
             include fastcgi_params;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param SCRIPTFILENAME $document_root$fastcgi_script_name;
-            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param PATHINFO $fastcgi_path_info;
-            # fastcgi_param HTTPS on;
+            fastcgi_param HTTPS on;
-            #Avoid sending the security headers twice
+            # Avoid sending the security headers twice
             fastcgi_param modHeadersAvailable true;
+            # Enable pretty urls
             fastcgi_param front_controller_active true;
             fastcgi_pass php-handler;
             fastcgi_intercept_errors on;