-
-
Notifications
You must be signed in to change notification settings - Fork 142
/
nextcloud.yml
110 lines (102 loc) · 4.67 KB
/
nextcloud.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# DOMAIN=example.com docker stack deploy -c nextcloud.yml nextcloud
# php occ user:add -g admin <username> # Add admin user
# php occ app:update --all # Update all apps
# php occ --no-warnings app:install richdocuments
# php occ --no-warnings app:enable richdocuments
# php occ --no-warnings config:app:set richdocuments wopi_url --value="https://collabora.localhost"
# php occ --no-warnings config:app:set richdocuments wopi_allowlist --value=10.0.0.0/8
# php occ --no-warnings config:system:set maintenance_window_start --type=integer --value=1
x-nextcloud: &nextcloud
image: nextcloud:${VERSION:-30.0.2-fpm-alpine}
environment:
- DOMAIN=${DOMAIN:-nextcloud.localhost}
- MYSQL_HOST=mariadb
- MYSQL_DATABASE=${MYSQL_DATABASE:-nextcloud}
- MYSQL_USER=${MYSQL_USER:-nextcloud}
- MYSQL_PASSWORD=${MYSQL_PASSWORD:-myp@ssw0rd}
- NEXTCLOUD_UPDATE=${NEXTCLOUD_UPDATE:-1}
- FORCE_LANGUAGE=${FORCE_LANGUAGE:-en}
- OVERWRITEHOST=${DOMAIN:-nextcloud.localhost}
- OVERWRITEPROTOCOL=${OVERWRITEPROTOCOL:-https}
- TRUSTED_PROXIES=${TRUSTED_PROXIES:-10.0.0.0/8 172.16.0.0/12}
- REDIS_HOST=redis
- REDIS_HOST_PASSWORD=myp@ssw0rd
- OBJECTSTORE_S3_HOST=${OBJECTSTORE_S3_HOST}
- OBJECTSTORE_S3_BUCKET=${OBJECTSTORE_S3_BUCKET}
- OBJECTSTORE_S3_KEY=${OBJECTSTORE_S3_KEY}
- OBJECTSTORE_S3_SECRET=${OBJECTSTORE_S3_SECRET}
- OBJECTSTORE_S3_PORT=${OBJECTSTORE_S3_PORT}
- OBJECTSTORE_S3_SSL=${OBJECTSTORE_S3_SSL}
- OBJECTSTORE_S3_REGION=${OBJECTSTORE_S3_REGION}
- OBJECTSTORE_S3_USEPATH_STYLE=${OBJECTSTORE_S3_USEPATH_STYLE}
- OBJECTSTORE_S3_OBJECT_PREFIX=${OBJECTSTORE_S3_OBJECT_PREFIX}
- NC_default_phone_region=${NC_default_phone_region:-FR}
- NC_maintenance_window_start=1
volumes:
- ${VOLUME_PATH}nextcloud:/var/www/html:cached
networks:
- internal
- traefik
services:
nginx:
image: ethibox/nginx-proxy:latest
environment:
- NGINX_TEMPLATE=${NGINX_TEMPLATE:-/etc/nginx/nextcloud.template}
- SERVER_NAME={{ index .Service.Labels "com.docker.stack.namespace" }}_app
volumes:
- ${VOLUME_PATH}nextcloud:/var/www/html:cached
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.nextcloud-${NUMBER:-1}.rule=Host(`${DOMAIN:-nextcloud.localhost}`)
- traefik.http.routers.nextcloud-${NUMBER:-1}.entrypoints=${SCHEME:-https}
- traefik.http.routers.nextcloud-${NUMBER:-1}.service=nextcloud-${NUMBER:-1}
- traefik.http.routers.nextcloud-${NUMBER:-1}.tls.certresolver=letsencrypt
- traefik.http.routers.nextcloud-${NUMBER:-1}.middlewares=nextcloud-${NUMBER:-1},nextcloud-${NUMBER:-1}-redirect,nextcloud-${NUMBER:-1}-redirect2
- traefik.http.services.nextcloud-${NUMBER:-1}.loadbalancer.server.port=80
- traefik.http.middlewares.nextcloud-${NUMBER:-1}.headers.customRequestHeaders.X-Forwarded-Proto=${SCHEME:-https}
- traefik.http.middlewares.nextcloud-${NUMBER:-1}.headers.customResponseHeaders.Referrer-Policy=no-referrer
- traefik.http.middlewares.nextcloud-${NUMBER:-1}.headers.customResponseHeaders.Strict-Transport-Security=max-age=31536000
- traefik.http.middlewares.nextcloud-${NUMBER:-1}.headers.customResponseHeaders.X-Frame-Options=SAMEORIGIN
- traefik.http.middlewares.nextcloud-${NUMBER:-1}.headers.customResponseHeaders.X-Robots-Tag=noindex,nofollow
- traefik.http.middlewares.nextcloud-${NUMBER:-1}-redirect.redirectregex.regex=/.well-known/(card|cal)dav
- traefik.http.middlewares.nextcloud-${NUMBER:-1}-redirect.redirectregex.replacement=/remote.php/dav/
- traefik.http.middlewares.nextcloud-${NUMBER:-1}-redirect.redirectregex.permanent=true
- traefik.http.middlewares.nextcloud-${NUMBER:-1}-redirect2.replacepathregex.regex=^(/.well-known.*)
- traefik.http.middlewares.nextcloud-${NUMBER:-1}-redirect2.replacepathregex.replacement=/index.php$${1}
networks:
- internal
- traefik
app:
<<: *nextcloud
cron:
<<: *nextcloud
entrypoint: /cron.sh
mariadb:
image: mariadb:${MARIADB_VERSION:-10.5.9}
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-myp@ssw0rd}
- MYSQL_USER=${MYSQL_USER:-nextcloud}
- MYSQL_DATABASE=${MYSQL_DATABASE:-nextcloud}
- MYSQL_PASSWORD=${MYSQL_PASSWORD:-myp@ssw0rd}
volumes:
- ${VOLUME_PATH}mariadb:/var/lib/mysql
networks:
- internal
redis:
image: redis:6-alpine
environment:
- REDIS_HOST_PASSWORD=myp@ssw0rd
command: /bin/sh -c 'redis-server --requirepass $$REDIS_HOST_PASSWORD'
networks:
- internal
volumes:
nextcloud:
mariadb:
networks:
internal:
driver: overlay
attachable: true
traefik:
external: true
name: traefik-net