version: '3.5' networks: default: external: name: traefik_default services: nextcloud-db: env_file: live.env image: mariadb:10.11 container_name: nextcloud-db command: --transaction-isolation=READ-COMMITTED --log-bin=ROW labels: - "com.centurylinklabs.watchtower.enable=true" networks: - default ports: - 3306:3306 restart: unless-stopped volumes: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ${NEXTCLOUD_ROOT}/mariadb:/var/lib/mysql - ${NEXTCLOUD_ROOT}/mariadb-conf/docker.cnf:/etc/mysql/conf.d/docker.cnf:ro nextcloud-redis: image: redis:6-alpine container_name: nextcloud-redis command: redis-server --requirepass ${REDIS_HOST_PASSWORD} labels: - "com.centurylinklabs.watchtower.enable=true" networks: - default restart: unless-stopped volumes: - ${NEXTCLOUD_ROOT}/redis:/data - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro nextcloud-app: depends_on: - nextcloud-db - nextcloud-redis container_name: nextcloud-app env_file: live.env environment: - NEXTCLOUD_TRUSTED_DOMAINS='${NEXTCLOUD_FQDN}' extra_hosts: - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}" - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}" image: nextcloud:28 labels: # Watchtower - "com.centurylinklabs.watchtower.enable=true" # Routes - "traefik.enable=true" - "traefik.http.routers.nextcloud.entrypoints=websecure" - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)" - "traefik.http.routers.nextcloud.tls=true" - "traefik.http.routers.nextcloud.tls.certresolver=myresolver" - "traefik.http.services.nextcloud.loadbalancer.server.port=80" # HSTS and Cal Dav - "traefik.http.middlewares.nc-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav" - "traefik.http.middlewares.nc-rep.redirectregex.replacement=https://$$1/remote.php/dav/" - "traefik.http.middlewares.nc-rep.redirectregex.permanent=true" - "traefik.http.middlewares.nc-header.headers.referrerPolicy=no-referrer" - "traefik.http.middlewares.nc-header.headers.stsSeconds=31536000" - "traefik.http.middlewares.nc-header.headers.forceSTSHeader=true" - "traefik.http.middlewares.nc-header.headers.stsPreload=true" - "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true" - "traefik.http.middlewares.nc-header.headers.browserXssFilter=true" - "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https" - "traefik.http.routers.nextcloud.middlewares=nc-rep,nc-header" networks: - default restart: unless-stopped volumes: - ${NEXTCLOUD_ROOT}/html:/var/www/html - ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data nextcloud-cron: image: nextcloud:28 container_name: nextcloud-cron labels: - "com.centurylinklabs.watchtower.enable=true" restart: unless-stopped volumes: - ${NEXTCLOUD_ROOT}/html:/var/www/html - ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data entrypoint: /cron.sh depends_on: - nextcloud-db - nextcloud-redis - nextcloud-collabora nextcloud-coturn: image: coturn/coturn:4 container_name: nextcloud-coturn restart: unless-stopped ports: - "3478:3478/tcp" - "3478:3478/udp" networks: - default command: - -n - --log-file=stdout - --min-port=49160 - --max-port=49200 - --realm=${NEXTCLOUD_FQDN} - --use-auth-secret - --static-auth-secret=${COTURN_SECRET} nextcloud-collabora: image: collabora/code:23.05.9.1.1 container_name: nextcloud-collabora env_file: live.env extra_hosts: - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}" - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}" hostname: collabora.sporada.eu labels: # Watchtower - "com.centurylinklabs.watchtower.enable=true" # Routes - "traefik.enable=true" - "traefik.http.routers.collabora.entrypoints=websecure" - "traefik.http.routers.collabora.rule=Host(`collabora.${DOMAIN}`)" - "traefik.http.routers.collabora.tls.certresolver=myresolver" - "traefik.http.services.collabora.loadbalancer.server.port=9980" restart: unless-stopped networks: - default ports: - "9980:9980" environment: - domain=${COLLABORA_DOMAIN} - server_name=${COLLABORA_FQDN} - username=${COLLABORA_USERNAME} - password=${COLLABORA_PASSWORD} - extra_params=--o:ssl.enable=false --o:ssl.termination=true - VIRTUAL_PROTO=https - VIRTUAL_PORT=9980 - VIRTUAL_HOST=${COLLABORA_FQDN} cap_add: - MKNOD volumes: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro