-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
85 lines (77 loc) · 3.02 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
version: "3"
networks:
proxy:
external: true
nextcloud:
services:
nextcloud-db:
image: mariadb:10.6
container_name: nextcloud-db
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW
restart: always
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- nextcloud-db:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
MYSQL_DATABASE: ${MYSQL_DATABASE}
MYSQL_USER: ${MYSQL_USER}
networks:
- default
nextcloud-redis:
image: redis:6.2.3
container_name: nextcloud-redis
# hostname: nextcloud-redis
networks:
- default
restart: always
command: redis-server --requirepass ${REDIS_PASSWORD}
volumes:
- nextcloud-redis:/var/lib/redis
nextcloud-app:
image: nextcloud:27.0.1
# ports:
# - 8080:80
container_name: nextcloud-app
restart: always
networks:
- proxy
- default
depends_on:
- nextcloud-db
- nextcloud-redis
environment:
OVERWRITEHOST: ${NEXTCLOUD_URL}
REDIS_HOST: nextcloud-redis
REDIS_HOST_PASSWORD: ${REDIS_PASSWORD}
MYSQL_HOST: nextcloud-db:3306
MYSQL_DATABASE: ${MYSQL_DATABASE}
MYSQL_USER: ${MYSQL_USER}
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
volumes:
- ${NEXTCLOUD_WEBROOT}:/var/www/html
- ${NEXTCLOUD_DATA_PATH}:/var/www/html/data
labels:
# Reverse proxy configuration
# https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html
traefik.enable: true
traefik.docker.network: proxy # Specify which network to use for traefik, since there are multiple network defined
traefik.http.routers.nextcloud.rule: Host(`${NEXTCLOUD_URL}`)
traefik.http.routers.nextcloud.entrypoints: https
traefik.http.routers.nextcloud.middlewares: nextcloud_secure_headers,nextcloud_redirectregex
# nextcloud_redirectregex middleware
traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent: true
traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex: "https://(.*)/.well-known/(?:card|cal)dav"
traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement: "https://$${1}/remote.php/dav"
# nextcloud_secure_headers middleware
traefik.http.middlewares.nextcloud_secure_headers.headers.customFrameOptionsValue: ALLOW-FROM https://$NEXTCLOUD_URL
traefik.http.middlewares.nextcloud_secure_headers.headers.contentSecurityPolicy: frame-ancestors 'self' $NEXTCLOUD_URL *.$NEXTCLOUD_URL
traefik.http.middlewares.nextcloud_secure_headers.headers.stsSeconds: 155520011
traefik.http.middlewares.nextcloud_secure_headers.headers.stsIncludeSubdomains: true
traefik.http.middlewares.nextcloud_secure_headers.headers.stsPreload: true
traefik.http.middlewares.nextcloud_secure_headers.headers.customresponseheaders.X-Frame-Options: SAMEORIGIN
volumes:
nextcloud-db:
nextcloud-redis: