mirror of
https://github.com/nextcloud/docker.git
synced 2024-11-18 11:06:43 +01:00
109 lines
3.4 KiB
YAML
109 lines
3.4 KiB
YAML
|
|
||
|
# Create network first
|
||
|
# docker network create nextcloud
|
||
|
#NOTES:
|
||
|
#1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com
|
||
|
#2. TRUSTED_PROXIES values based on your 'nexcloud network'
|
||
|
#3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and
|
||
|
#traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't want to allow iframe your domain
|
||
|
# cat docker-compose.yml
|
||
|
|
||
|
version: '3.1'
|
||
|
|
||
|
volumes:
|
||
|
nextcloud-www:
|
||
|
driver: local
|
||
|
nextcloud-db:
|
||
|
driver: local
|
||
|
redis:
|
||
|
driver: local
|
||
|
letsencrypt:
|
||
|
driver: local
|
||
|
|
||
|
|
||
|
services:
|
||
|
|
||
|
traefik:
|
||
|
image: traefik:v2.2
|
||
|
container_name: traefik
|
||
|
restart: always
|
||
|
command:
|
||
|
- "--log.level=DEBUG"
|
||
|
- "--api.insecure=true"
|
||
|
- "--providers.docker=true"
|
||
|
- "--providers.docker.exposedbydefault=true"
|
||
|
- "--entrypoints.web.address=:80"
|
||
|
- "--entrypoints.websecure.address=:443"
|
||
|
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
||
|
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
||
|
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
|
||
|
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
|
||
|
- "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
|
||
|
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
||
|
ports:
|
||
|
- 80:80
|
||
|
- 443:443
|
||
|
networks:
|
||
|
- nextcloud
|
||
|
volumes:
|
||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||
|
- letsencrypt:/letsencrypt
|
||
|
db:
|
||
|
restart: always
|
||
|
image: postgres:11
|
||
|
networks:
|
||
|
- nextcloud
|
||
|
environment:
|
||
|
- POSTGRES_USER=nextcloud
|
||
|
- POSTGRES_PASSWORD=password
|
||
|
- POSTGRES_DB=nextcloud
|
||
|
volumes:
|
||
|
- nextcloud-db:/var/lib/postgresql/data
|
||
|
redis:
|
||
|
image: redis:latest
|
||
|
restart: always
|
||
|
networks:
|
||
|
- nextcloud
|
||
|
volumes:
|
||
|
- redis:/var/lib/redis
|
||
|
|
||
|
nextcloud:
|
||
|
image: nextcloud:latest
|
||
|
restart: always
|
||
|
networks:
|
||
|
- nextcloud
|
||
|
depends_on:
|
||
|
- redis
|
||
|
- db
|
||
|
labels:
|
||
|
- traefik.protocol=http
|
||
|
- traefik.port=80
|
||
|
- traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
|
||
|
- traefik.http.routers.nextcloud.tls=true
|
||
|
- traefik.http.routers.nextcloud.entrypoints=websecure
|
||
|
- traefik.http.routers.nextcloud.tls.certresolver=myresolver
|
||
|
- traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
|
||
|
- traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com
|
||
|
- traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net
|
||
|
- traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
|
||
|
- traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
|
||
|
- traefik.http.middlewares.nextcloud.headers.stsPreload=true
|
||
|
- traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
|
||
|
- traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
|
||
|
environment:
|
||
|
- POSTGRES_DB=nextcloud
|
||
|
- POSTGRES_USER=nextcloud
|
||
|
- POSTGRES_PASSWORD=password
|
||
|
- POSTGRES_HOST=db
|
||
|
- NEXTCLOUD_ADMIN_USER=admin
|
||
|
- NEXTCLOUD_ADMIN_PASSWORD=adminpass
|
||
|
- REDIS_HOST=redis
|
||
|
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com
|
||
|
- TRUSTED_PROXIES=172.18.0.0/16
|
||
|
volumes:
|
||
|
- nextcloud-www:/var/www/html
|
||
|
|
||
|
networks:
|
||
|
nextcloud:
|
||
|
external: true
|