Jan Beilicke
d860a9c086
Streaming videos had been a pain with the default Nextcloud Docker image which uses Apache. This PR will replace that Docker image with Nextcloud 27 FPM and provides an Nginx to serve the app. Additionally, with moving from the latest Nextcloud (-Apache) image to a pinned version, it will be way clearer, which version is about to be deployed, major upgrades have to be done consciously and without skipping major versions which Nextcloud does not support. Co-authored-by: Jan Beilicke <dev@jotbe.io> Reviewed-on: #2
91 lines
No EOL
3.4 KiB
Django/Jinja
91 lines
No EOL
3.4 KiB
Django/Jinja
version: '3'
|
|
|
|
networks:
|
|
public:
|
|
external:
|
|
name: traefik_public
|
|
|
|
services:
|
|
mysqldb:
|
|
image: mariadb:10.4.11
|
|
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
|
volumes:
|
|
- mysqldb:/var/lib/mysql
|
|
- /etc/localtime:/etc/localtime:ro
|
|
env_file:
|
|
- db.env
|
|
{% if nextcloud_enable_restic_compose_backup %}
|
|
labels:
|
|
- "restic-compose-backup.mariadb=true"
|
|
{% endif %}
|
|
restart: unless-stopped
|
|
|
|
nextcloud-app:
|
|
image: nextcloud:27-fpm
|
|
container_name: nextcloud-app
|
|
depends_on:
|
|
- mysqldb
|
|
volumes:
|
|
- nextcloud:/var/www/html
|
|
- /etc/localtime:/etc/localtime:ro
|
|
env_file:
|
|
- nextcloud.env
|
|
|
|
web:
|
|
image: nginx
|
|
restart: always
|
|
depends_on:
|
|
- nextcloud-app
|
|
volumes:
|
|
- ./nginx.conf:/etc/nginx/nginx.conf:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- nextcloud:/var/www/html
|
|
networks:
|
|
- public
|
|
- default
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=traefik_public"
|
|
- "traefik.http.routers.nextcloud.rule=Host(`{{ nextcloud_virtual_host }}`)"
|
|
- "traefik.http.routers.nextcloud.entrypoints=websecure"
|
|
- "traefik.http.routers.nextcloud.tls=true"
|
|
- "traefik.http.routers.nextcloud.tls.certresolver=defaultresolver"
|
|
- "traefik.http.middlewares.nextcloud-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
|
|
- "traefik.http.middlewares.nextcloud-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
|
|
- "traefik.http.middlewares.nextcloud-rep.redirectregex.permanent=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.SSLRedirect=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.browserXSSFilter=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.forceSTSHeader=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.STSSeconds=315360000"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.STSIncludeSubdomains=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.STSPreload=true"
|
|
- "traefik.http.middlewares.nextcloud-headers.headers.featurePolicy=payment 'none'"
|
|
- "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=SAMEORIGIN"
|
|
#- "traefik.http.middlewares.nextcloud-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
|
|
- "traefik.http.routers.nextcloud.middlewares=nextcloud-rep,nextcloud-headers"
|
|
{% if nextcloud_enable_restic_compose_backup %}
|
|
- "restic-compose-backup.volumes=true"
|
|
- "restic-compose-backup.volumes.include=nextcloud"
|
|
{% endif %}
|
|
restart: unless-stopped
|
|
|
|
{% if nextcloud_enable_restic_compose_backup %}
|
|
# The backup service
|
|
backup:
|
|
image: zettaio/restic-compose-backup:0.4.2
|
|
env_file:
|
|
- restic-compose-backup.env
|
|
volumes:
|
|
# We need to communicate with docker
|
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
|
# Persistent storage of restic cache (greatly speeds up all restic operations)
|
|
- backup-cache:/cache
|
|
{% endif %}
|
|
|
|
volumes:
|
|
mysqldb:
|
|
nextcloud:
|
|
{% if nextcloud_enable_restic_compose_backup %}
|
|
backup-cache:
|
|
{% endif %} |