selfhosted-traefik/nextcloud/docker-compose.yml


# Every service in this file attaches to the pre-existing Traefik network.
# "external: true" means Compose expects the network to exist already and
# will neither create nor remove it.
networks:
  default:
    external: true
    name: traefik_default
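# Nextcloud stack behind Traefik: MariaDB, Redis, the Nextcloud app and its
# cron runner, coturn (TURN) and Collabora. All ${...} references are
# substituted by Compose when the file is parsed.
# NOTE(review): Compose interpolation reads the shell environment and the
# project's .env / --env-file, not a service's env_file entry; confirm
# live.env is actually supplied that way.
services:
  # MariaDB backend; database credentials are read from live.env.
  nextcloud-db:
    env_file: live.env
    image: mariadb:10.11
    container_name: nextcloud-db
    # NOTE(review): --log-bin=ROW sets the binary log base name to "ROW". If
    # row-based logging was intended the option would be --binlog-format=ROW.
    # Left unchanged because renaming the binlog of a live database is
    # disruptive; confirm the intent.
    command: >-
      --transaction-isolation=READ-COMMITTED --log-bin=ROW
      --log_bin_trust_function_creators=true
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    networks:
      - default
    ports:
      # Bound to loopback only. Containers on traefik_default reach the
      # database by service name, so the port does not have to be reachable
      # from other hosts; a bare "3306:3306" listens on every host interface,
      # and Docker-published ports commonly bypass host firewall rules.
      - "127.0.0.1:3306:3306"
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ${NEXTCLOUD_ROOT}/mariadb:/var/lib/mysql
      - ${NEXTCLOUD_ROOT}/mariadb-conf/docker.cnf:/etc/mysql/conf.d/docker.cnf:ro

  # Redis for Nextcloud; not published on the host.
  nextcloud-redis:
    image: redis:6-alpine
    container_name: nextcloud-redis
    # List form hands the password to redis-server as one argument, so it is
    # not word-split. ":?" makes Compose abort when the variable is unset or
    # empty instead of starting Redis without a usable password.
    # The secret is still visible in `docker inspect`; a read-only mounted
    # redis.conf would keep it off the command line.
    command:
      - redis-server
      - --requirepass
      - "${REDIS_HOST_PASSWORD:?REDIS_HOST_PASSWORD must be set}"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    networks:
      - default
    restart: unless-stopped
    volumes:
      - ${NEXTCLOUD_ROOT}/redis:/data
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro

  # Nextcloud web application, built from the Dockerfile next to this file.
  nextcloud-app:
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    container_name: nextcloud-app
    # Resets ownership of the data and web directories on every start, then
    # hands over to the image entrypoint. ${NEXTCLOUD_DATA_DIR} is expanded by
    # Compose, not by bash, so the path must not contain spaces or shell
    # metacharacters.
    command: >
      bash -c 'chown -R www-data:www-data ${NEXTCLOUD_DATA_DIR}
      && chown -R www-data:www-data /var/www/html
      && chmod 755 ${NEXTCLOUD_DATA_DIR}/.ocdata
      && /entrypoint.sh apache2-foreground'
    env_file: live.env
    environment:
      # No inner quotes: in list syntax Compose keeps them as part of the
      # value, so the container would see 'host' including the quote
      # characters and the trusted-domain / data-dir values would not match.
      - "NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_FQDN}"
      - "NEXTCLOUD_DATA_DIR=${NEXTCLOUD_DATA_DIR}"
    extra_hosts:
      # Resolve the public names to the Traefik container so that
      # container-to-container requests also pass through the proxy.
      - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}"
      - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}"
    build:
      context: ./
      dockerfile: Dockerfile
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Routes
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      # HSTS and Cal Dav ("$$" is Compose's escape for a literal "$")
      - "traefik.http.middlewares.nc-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nc-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
      - "traefik.http.middlewares.nc-rep.redirectregex.permanent=true"
      - "traefik.http.middlewares.nc-header.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.nc-header.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.nc-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.nc-header.headers.stsPreload=true"
      - "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nc-header.headers.browserXssFilter=true"
      - "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.nextcloud.middlewares=nc-rep,nc-header"
    networks:
      - default
    restart: unless-stopped
    volumes:
      - ${NEXTCLOUD_ROOT}/html:/var/www/html
      - ${NEXTCLOUD_ROOT}/data:${NEXTCLOUD_DATA_DIR}

  # Background-job runner sharing the app's html and data volumes.
  # NOTE(review): this service uses the stock nextcloud:28 image while
  # nextcloud-app is built locally; confirm both stay on the same Nextcloud
  # version.
  nextcloud-cron:
    image: nextcloud:28
    container_name: nextcloud-cron
    # NOTE(review): the entrypoint below is overridden to /cron.sh, so this
    # command is only handed to it as arguments. Presumably cron.sh ignores
    # them and the chown/apache steps never run here; confirm and drop the
    # command if so.
    command: >
      bash -c 'chown -R www-data:www-data ${NEXTCLOUD_DATA_DIR}
      && chown -R www-data:www-data /var/www/html
      && chmod 755 ${NEXTCLOUD_DATA_DIR}/.ocdata
      && /entrypoint.sh apache2-foreground'
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    restart: unless-stopped
    volumes:
      - ${NEXTCLOUD_ROOT}/html:/var/www/html
      - ${NEXTCLOUD_ROOT}/data:${NEXTCLOUD_DATA_DIR}
    entrypoint: /cron.sh
    depends_on:
      - nextcloud-db
      - nextcloud-redis
      - nextcloud-collabora

  # TURN server, authenticated with a shared static secret.
  nextcloud-coturn:
    image: coturn/coturn:4
    container_name: nextcloud-coturn
    restart: unless-stopped
    ports:
      - "3478:3478/tcp"
      - "3478:3478/udp"
    networks:
      - default
    # NOTE(review): the relay range set by --min-port/--max-port is not
    # published above; confirm relayed media works in this setup.
    # NOTE(review): coturn shares traefik_default with the database and Redis.
    # Consider restricting relay targets with coturn's --denied-peer-ip and
    # --no-multicast-peers options so it cannot relay to container or other
    # private addresses.
    command:
      - "-n"
      - --log-file=stdout
      - --min-port=49160
      - --max-port=49200
      - "--realm=${NEXTCLOUD_FQDN}"
      - --use-auth-secret
      # ":?" aborts `docker compose up` when the secret is unset or empty,
      # rather than starting coturn with an empty shared secret. The value is
      # still visible in `docker inspect`.
      - "--static-auth-secret=${COTURN_SECRET:?COTURN_SECRET must be set}"

  # Collabora Online; TLS is terminated by Traefik (ssl.termination=true).
  nextcloud-collabora:
    image: collabora/code:23.05.9.1.1
    container_name: nextcloud-collabora
    env_file: live.env
    extra_hosts:
      - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}"
      - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}"
    # NOTE(review): hard-coded name, whereas the rest of the file derives it
    # from ${COLLABORA_FQDN} / ${DOMAIN}; confirm they agree.
    hostname: collabora.sporada.eu
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Routes
      - "traefik.enable=true"
      - "traefik.http.routers.collabora.entrypoints=websecure"
      - "traefik.http.routers.collabora.rule=Host(`collabora.${DOMAIN}`)"
      - "traefik.http.routers.collabora.tls.certresolver=myresolver"
      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
    restart: unless-stopped
    networks:
      - default
    ports:
      # Bound to loopback only. Traefik reaches port 9980 over the Docker
      # network, and with ssl.enable=false a port published on every
      # interface would serve Collabora in plain HTTP, bypassing the proxy's
      # TLS and headers.
      - "127.0.0.1:9980:9980"
    environment:
      - "domain=${COLLABORA_DOMAIN}"
      - "server_name=${COLLABORA_FQDN}"
      - "username=${COLLABORA_USERNAME}"
      - "password=${COLLABORA_PASSWORD}"
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
      - "VIRTUAL_PROTO=https"
      - "VIRTUAL_PORT=9980"
      - "VIRTUAL_HOST=${COLLABORA_FQDN}"
    cap_add:
      - MKNOD
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro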