diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml
new file mode 100644
index 0000000..c4eff3b
--- /dev/null
+++ b/nextcloud/docker-compose.yml
@@ -0,0 +1,150 @@
+version: '3.5'
+
+networks:
+ default:
+ external:
+ name: traefik_default
+
+services:
+ nextcloud-db:
+ env_file: live.env
+ image: mariadb:10
+ container_name: nextcloud-db
+ command: --transaction-isolation=READ-COMMITTED --log-bin=ROW
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
+ networks:
+ - default
+ ports:
+ - 3306:3306
+ restart: unless-stopped
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+ - ${NEXTCLOUD_ROOT}/mariadb:/var/lib/mysql
+
+ nextcloud-redis:
+ image: redis:6-alpine
+ container_name: nextcloud-redis
+ command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
+ networks:
+ - default
+ restart: unless-stopped
+ volumes:
+ - ${NEXTCLOUD_ROOT}/redis:/data
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+
+
+ nextcloud-app:
+ depends_on:
+ - nextcloud-db
+ - nextcloud-redis
+ container_name: nextcloud-app
+ env_file: live.env
+ environment:
+ - NEXTCLOUD_TRUSTED_DOMAINS='${NEXTCLOUD_FQDN}'
+ extra_hosts:
+ - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}"
+ - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}"
+ image: nextcloud:20
+ labels:
+ # Watchtower
+ - "com.centurylinklabs.watchtower.enable=true"
+ # Routes
+ - "traefik.enable=true"
+ - "traefik.http.routers.nextcloud.entrypoints=websecure"
+ - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)"
+ - "traefik.http.routers.nextcloud.tls=true"
+ - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
+ - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+ # HSTS and Cal Dav
+ - "traefik.http.middlewares.nc-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
+ - "traefik.http.middlewares.nc-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
+ - "traefik.http.middlewares.nc-rep.redirectregex.permanent=true"
+ - "traefik.http.middlewares.nc-header.headers.referrerPolicy=no-referrer"
+ -
"traefik.http.middlewares.nc-header.headers.stsSeconds=31536000" + - "traefik.http.middlewares.nc-header.headers.forceSTSHeader=true" + - "traefik.http.middlewares.nc-header.headers.stsPreload=true" + - "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true" + - "traefik.http.middlewares.nc-header.headers.browserXssFilter=true" + - "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https" + - "traefik.http.routers.nextcloud.middlewares=nc-rep,nc-header" + networks: + - default + restart: unless-stopped + volumes: + - ${NEXTCLOUD_ROOT}/html:/var/www/html + - ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data + + nextcloud-cron: + image: nextcloud:20 + container_name: nextcloud-cron + labels: + - "com.centurylinklabs.watchtower.enable=true" + restart: unless-stopped + volumes: + - ${NEXTCLOUD_ROOT}/html:/var/www/html + - ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data + entrypoint: /cron.sh + depends_on: + - nextcloud-db + - nextcloud-redis + - nextcloud-collabora + + nextcloud-coturn: + image: instrumentisto/coturn + container_name: nextcloud-coturn + restart: unless-stopped + ports: + - "3478:3478/tcp" + - "3478:3478/udp" + networks: + - default + command: + - -n + - --log-file=stdout + - --min-port=49160 + - --max-port=49200 + - --realm=${NEXTCLOUD_FQDN} + - --use-auth-secret + - --static-auth-secret=${COTURN_SECRET} + + nextcloud-collabora: + image: collabora/code:6.4.2.2 + container_name: nextcloud-collabora + env_file: live.env + extra_hosts: + - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}" + - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}" + hostname: collabora.sporada.eu + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Routes + - "traefik.enable=true" + - "traefik.http.routers.collabora.entrypoints=websecure" + - "traefik.http.routers.collabora.rule=Host(`collabora.${DOMAIN}`)" + - "traefik.http.routers.collabora.tls.certresolver=myresolver" + - 
"traefik.http.services.collabora.loadbalancer.server.port=9980" + restart: unless-stopped + networks: + - default + ports: + - "9980:9980" + environment: + - domain=${COLLABORA_DOMAIN} + - server_name=${COLLABORA_FQDN} + - username=${COLLABORA_USERNAME} + - password=${COLLABORA_PASSWORD} + - extra_params=--o:ssl.enable=false --o:ssl.termination=true + cap_add: + - MKNOD + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + - ./collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml + + diff --git a/nextcloud/live.env.tpl b/nextcloud/live.env.tpl new file mode 100644 index 0000000..adb7d5b --- /dev/null +++ b/nextcloud/live.env.tpl @@ -0,0 +1,29 @@ +# MariaDB settings +MYSQL_ROOT_PASSWORD=password_db_root +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud +MYSQL_PASSWORD=password_db +MYSQL_INITDB_SKIP_TZINFO=1 +MYSQL_HOST=nextcloud-db + +# Redis +REDIS_HOST=nextcloud-redis +REDIS_HOST_PASSWORD=password_redis + +# Nextcloud +NEXTCLOUD_ROOT=/home/compute/services/nextcloud +NEXTCLOUD_DATA_DIR=/srv/nextcloud/data +NEXTCLOUD_FQDN=your_nextcloud_sub_domain.domain.com +# This is the IP of the Trafik container. This changes if the traefik container restarts. If it is not the current traefik container IP collabora does not work. Check the current traefik container IP with: docker inspect traefik and get the IP from the Networks -> traefik_default -> IPAddress section +TRAEFIK_CONTAINER_IP=172.27.0.16 + +# Collabora +COLLABORA_FQDN=collabora.domain.com +COLLABORA_DOMAIN=nextcloud_sub_domain\\.domain\\.com # This is the domain which the collabora server is requests accepting from. +COLLABORA_USERNAME=username +COLLABORA_PASSWORD=password_collabora + +# COTURN +COTURN_SECRET=password_coturn +# Traefik +DOMAIN=domain.com