From d66f34936b49fbb1ff0717bc4545fcb461ad9684 Mon Sep 17 00:00:00 2001
From: sporada
Date: Thu, 25 Mar 2021 14:37:52 +0100
Subject: [PATCH] =?UTF-8?q?Dateien=20hochladen=20nach=20=E2=80=9Enextcloud?= =?UTF-8?q?=E2=80=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add nextcloud service
---
nextcloud/docker-compose.yml | 150 +++++++++++++++++++++++++++++++++++
nextcloud/live.env.tpl | 29 +++++++
2 files changed, 179 insertions(+)
create mode 100644 nextcloud/docker-compose.yml
create mode 100644 nextcloud/live.env.tpl
diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml
new file mode 100644
index 0000000..c4eff3b
--- /dev/null
+++ b/nextcloud/docker-compose.yml
@@ -0,0 +1,150 @@
+version: '3.5'
+
+networks:
+ default:
+ external:
+ name: traefik_default
+
+services:
+ nextcloud-db:
+ env_file: live.env
+ image: mariadb:10
+ container_name: nextcloud-db
+ command: --transaction-isolation=READ-COMMITTED --log-bin=ROW
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
+ networks:
+ - default
+ ports:
+ - 3306:3306
+ restart: unless-stopped
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+ - ${NEXTCLOUD_ROOT}/mariadb:/var/lib/mysql
+
+ nextcloud-redis:
+ image: redis:6-alpine
+ container_name: nextcloud-redis
+ command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
+ networks:
+ - default
+ restart: unless-stopped
+ volumes:
+ - ${NEXTCLOUD_ROOT}/redis:/data
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+
+
+ nextcloud-app:
+ depends_on:
+ - nextcloud-db
+ - nextcloud-redis
+ container_name: nextcloud-app
+ env_file: live.env
+ environment:
+ - NEXTCLOUD_TRUSTED_DOMAINS='${NEXTCLOUD_FQDN}'
+ extra_hosts:
+ - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}"
+ - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}"
+ image: nextcloud:20
+ labels:
+ # Watchtower
+ - "com.centurylinklabs.watchtower.enable=true"
+ # Routes
+ - "traefik.enable=true"
+ - "traefik.http.routers.nextcloud.entrypoints=websecure"
+ - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)"
+ - "traefik.http.routers.nextcloud.tls=true"
+ - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
+ - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+ # HSTS and Cal Dav
+ - "traefik.http.middlewares.nc-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
+ - "traefik.http.middlewares.nc-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
+ - "traefik.http.middlewares.nc-rep.redirectregex.permanent=true"
+ - "traefik.http.middlewares.nc-header.headers.referrerPolicy=no-referrer"
+ - "traefik.http.middlewares.nc-header.headers.stsSeconds=31536000"
+ - "traefik.http.middlewares.nc-header.headers.forceSTSHeader=true"
+ - "traefik.http.middlewares.nc-header.headers.stsPreload=true"
+ - "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true"
+ - "traefik.http.middlewares.nc-header.headers.browserXssFilter=true"
+ - "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
+ - "traefik.http.routers.nextcloud.middlewares=nc-rep,nc-header"
+ networks:
+ - default
+ restart: unless-stopped
+ volumes:
+ - ${NEXTCLOUD_ROOT}/html:/var/www/html
+ - ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data
+
+ nextcloud-cron:
+ image: nextcloud:20
+ container_name: nextcloud-cron
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
+ restart: unless-stopped
+ volumes:
+ - ${NEXTCLOUD_ROOT}/html:/var/www/html
+ - ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data
+ entrypoint: /cron.sh
+ depends_on:
+ - nextcloud-db
+ - nextcloud-redis
+ - nextcloud-collabora
+
+ nextcloud-coturn:
+ image: instrumentisto/coturn
+ container_name: nextcloud-coturn
+ restart: unless-stopped
+ ports:
+ - "3478:3478/tcp"
+ - "3478:3478/udp"
+ networks:
+ - default
+ command:
+ - -n
+ - --log-file=stdout
+ - --min-port=49160
+ - --max-port=49200
+ - --realm=${NEXTCLOUD_FQDN}
+ - --use-auth-secret
+ - --static-auth-secret=${COTURN_SECRET}
+
+ nextcloud-collabora:
+ image: collabora/code:6.4.2.2
+ container_name: nextcloud-collabora
+ env_file: live.env
+ extra_hosts:
+ - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}"
+ - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}"
+ hostname: collabora.sporada.eu
+ labels:
+ # Watchtower
+ - "com.centurylinklabs.watchtower.enable=true"
+ # Routes
+ - "traefik.enable=true"
+ - "traefik.http.routers.collabora.entrypoints=websecure"
+ - "traefik.http.routers.collabora.rule=Host(`collabora.${DOMAIN}`)"
+ - "traefik.http.routers.collabora.tls.certresolver=myresolver"
+ - "traefik.http.services.collabora.loadbalancer.server.port=9980"
+ restart: unless-stopped
+ networks:
+ - default
+ ports:
+ - "9980:9980"
+ environment:
+ - domain=${COLLABORA_DOMAIN}
+ - server_name=${COLLABORA_FQDN}
+ - username=${COLLABORA_USERNAME}
+ - password=${COLLABORA_PASSWORD}
+ - extra_params=--o:ssl.enable=false --o:ssl.termination=true
+ cap_add:
+ - MKNOD
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+ - ./collabora/loolwsd.xml:/etc/loolwsd/loolwsd.xml
+
+
diff --git a/nextcloud/live.env.tpl b/nextcloud/live.env.tpl
new file mode 100644
index 0000000..adb7d5b
--- /dev/null
+++ b/nextcloud/live.env.tpl
@@ -0,0 +1,29 @@
+# MariaDB settings
+MYSQL_ROOT_PASSWORD=password_db_root
+MYSQL_DATABASE=nextcloud
+MYSQL_USER=nextcloud
+MYSQL_PASSWORD=password_db
+MYSQL_INITDB_SKIP_TZINFO=1
+MYSQL_HOST=nextcloud-db
+
+# Redis
+REDIS_HOST=nextcloud-redis
+REDIS_HOST_PASSWORD=password_redis
+
+# Nextcloud
+NEXTCLOUD_ROOT=/home/compute/services/nextcloud
+NEXTCLOUD_DATA_DIR=/srv/nextcloud/data
+NEXTCLOUD_FQDN=your_nextcloud_sub_domain.domain.com
+# This is the IP of the Trafik container. This changes if the traefik container restarts. If it is not the current traefik container IP collabora does not work. Check the current traefik container IP with: docker inspect traefik and get the IP from the Networks -> traefik_default -> IPAddress section
+TRAEFIK_CONTAINER_IP=172.27.0.16
+
+# Collabora
+COLLABORA_FQDN=collabora.domain.com
+COLLABORA_DOMAIN=nextcloud_sub_domain\\.domain\\.com # This is the domain which the collabora server is requests accepting from.
+COLLABORA_USERNAME=username
+COLLABORA_PASSWORD=password_collabora
+
+# COTURN
+COTURN_SECRET=password_coturn
+# Traefik
+DOMAIN=domain.com
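Review bot: `nextcloud-db` publishes `3306:3306` and `nextcloud-collabora` publishes `"9980:9980"`, which binds both services to every host interface even though the only consumers visible in this file (nextcloud-app and Traefik) reach them over the `traefik_default` network. For Collabora this also exposes the backend that runs with `ssl.enable=false`, so a client connecting to port 9980 directly skips Traefik's TLS termination. Drop both `ports:` entries, or bind to loopback if host-side administration is needed, e.g. `- "127.0.0.1:3306:3306"`. Separately, `--requirepass ${REDIS_HOST_PASSWORD}` and `--static-auth-secret=${COTURN_SECRET}` place the secrets in the container command line, where `docker inspect` and process listings show them. Compose also interpolates `${...}` from the shell or a `.env` file rather than from `env_file: live.env`, so these values may render empty unless the deployment passes them another way.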
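Review bot: Every secret in this template (`MYSQL_ROOT_PASSWORD=password_db_root`, `MYSQL_PASSWORD`, `REDIS_HOST_PASSWORD=password_redis`, `COLLABORA_PASSWORD`, `COTURN_SECRET`) carries a working, guessable value, so a `live.env` copied without edits brings the stack up with known credentials. Leaving the values empty under a comment such as `# required: generate with "openssl rand -hex 32"` makes an unedited copy easier to catch. The copied `live.env` should also be git-ignored and readable only by the deploying user. On the `COLLABORA_DOMAIN` line the trailing `# This is the domain …` text is not reliably stripped by env-file parsers, so it may end up inside the value Collabora uses as its allowed-host pattern; move that comment to its own line above the variable.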