From 4033a1bf4c99bc063a7489bc6a8f57d386beee3e Mon Sep 17 00:00:00 2001 From: ismail yenigul Date: Sun, 10 May 2020 01:33:17 +0300 Subject: [PATCH 1/5] docker-compose with traefik 2.0 Also postgresql, redis deployment Signed-off-by: Ismail Yenigul --- .../docker-compose.yml | 108 ++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 .examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml b/.examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml new file mode 100644 index 00000000..d9970159 --- /dev/null +++ b/.examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml 
@@ -0,0 +1,108 @@
+
+# Create network first
+# docker network create nextcloud
+#NOTES:
+#1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com
+#2. TRUSTED_PROXIES values based on your 'nexcloud network'
+#3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and
+#traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't want to allow iframe your domain
+# cat docker-compose.yml
+
+version: '3.1'
+
+volumes:
+ nextcloud-www:
+ driver: local
+ nextcloud-db:
+ driver: local
+ redis:
+ driver: local
+ letsencrypt:
+ driver: local
+
+
+services:
+
+ traefik:
+ image: traefik:v2.2
+ container_name: traefik
+ restart: always
+ command:
+ - "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ - nextcloud
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - letsencrypt:/letsencrypt
+ db:
+ restart: always
+ image: postgres:11
+ networks:
+ - nextcloud
+ environment:
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_DB=nextcloud
+ volumes:
+ - nextcloud-db:/var/lib/postgresql/data
+ redis:
+ image: redis:latest
+ restart: always
+ networks:
+ - nextcloud
+ volumes:
+ - redis:/var/lib/redis
+
+ nextcloud:
+ image: nextcloud:latest
+ restart: always
+ networks:
+ - nextcloud
+ depends_on:
+ - redis
+ - db
+ labels:
+ - traefik.protocol=http
+ - traefik.port=80
+ - 
traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
+ - traefik.http.routers.nextcloud.tls=true
+ - traefik.http.routers.nextcloud.entrypoints=websecure
+ - traefik.http.routers.nextcloud.tls.certresolver=myresolver
+ - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
+ - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com
+ - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net
+ - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
+ - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
+ - traefik.http.middlewares.nextcloud.headers.stsPreload=true
+ - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
+ - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
+ environment:
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_HOST=db
+ - NEXTCLOUD_ADMIN_USER=admin
+ - NEXTCLOUD_ADMIN_PASSWORD=adminpass
+ - REDIS_HOST=redis
+ - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com
+ - TRUSTED_PROXIES=172.18.0.0/16
+ volumes:
+ - nextcloud-www:/var/www/html
+
+networks:
+ nextcloud:
+ external: true
From 8c9c79ed130a7014394302f300c6a94a03fa5636 Mon Sep 17 00:00:00 2001 From: ismail yenigul Date: Sun, 10 May 2020 01:36:19 +0300 Subject: [PATCH 2/5] traefik 2.0 reference Signed-off-by: Ismail Yenigul --- README.md | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index 9d79a629..a32ca1bb 100644
--- a/README.md
+++ b/README.md
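Review bot: `POSTGRES_PASSWORD=password` (in both the `db` and `nextcloud` services) and `NEXTCLOUD_ADMIN_PASSWORD=adminpass` are fixed literals, and the NOTES header at the top of the file lists the ACME email, `TRUSTED_PROXIES` and the frame headers as things to change but not these. Because the admin user and password are passed together with the database settings, the Nextcloud image presumably completes installation unattended, so a verbatim copy would come up behind a valid certificate with `admin` / `adminpass`. I would take the secrets from the environment and fail when they are unset, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set in .env}` and `- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD:?set in .env}`, and add a fourth NOTES entry saying so. The same literals are added in `nextcloud/docker-compose.yml` in PATCH 4/5.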
@@ -345,6 +345,8 @@ We recommend using a reverse proxy in front of our Nextcloud installation. Your In our [examples](https://github.com/nextcloud/docker/tree/master/.examples) section we have an example for a fully automated setup using a reverse proxy, a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling, database and Nextcloud. It uses the popular [nginx-proxy](https://github.com/jwilder/nginx-proxy) and [docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers. Please check the according documentations before using this setup. +You can also use Traefik 2.0 as a reverse proxy. You can find sample docker-compose files in [examples](https://github.com/nextcloud/docker/tree/master/.examples) + # First use When you first access your Nextcloud, the setup wizard will appear and ask you to choose an administrator account username, password and the database connection. For the database use `db` as host and `nextcloud` as table and user name. Also enter the password you chose in your `docker-compose.yml` file. From 3fc0c5f09e9be975adcef15df71f2348084549a5 Mon Sep 17 00:00:00 2001 From: ismail yenigul Date: Sun, 10 May 2020 01:41:10 +0300 Subject: [PATCH 3/5] traefik docker-compose example url update Signed-off-by: Ismail Yenigul --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a32ca1bb..7d8e3bcc 100644 --- a/README.md +++ b/README.md 
@@ -345,7 +345,7 @@ We recommend using a reverse proxy in front of our Nextcloud installation. Your In our [examples](https://github.com/nextcloud/docker/tree/master/.examples) section we have an example for a fully automated setup using a reverse proxy, a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling, database and Nextcloud. It uses the popular [nginx-proxy](https://github.com/jwilder/nginx-proxy) and [docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers. Please check the according documentations before using this setup. -You can also use Traefik 2.0 as a reverse proxy. You can find sample docker-compose files in [examples](https://github.com/nextcloud/docker/tree/master/.examples) +You can also use [Traefik 2.0](https://github.com/containous/traefik) as a reverse proxy. It is single docker image that handle reverse proxy and Let's Encrypt certicate. You can find sample docker-compose files in [examples](https://github.com/nextcloud/docker/tree/master/.examples/docker-compose) # First use When you first access your Nextcloud, the setup wizard will appear and ask you to choose an administrator account username, password and the database connection. For the database use `db` as host and `nextcloud` as table and user name. Also enter the password you chose in your `docker-compose.yml` file. From 2d7258086e067f4afa5fe3e927b441e0c22eb227 Mon Sep 17 00:00:00 2001 From: Ismail Yenigul Date: Sun, 10 May 2020 13:47:40 +0300 Subject: [PATCH 4/5] multi and single docker-compose deployment 
Signed-off-by: Ismail Yenigul --- .../README.md | 21 +++++ .../nextcloud/docker-compose.yml | 82 +++++++++++++++++++ .../traefik2/docker-compose.yml | 47 +++++++++++ .../README.md | 16 ++++ .../docker-compose.yml | 4 - 5 files changed, 166 insertions(+), 4 deletions(-) create mode 100644 .examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md create mode 100644 .examples/docker-compose/with-traefik2-postgresql-redis-multi-network/nextcloud/docker-compose.yml create mode 100644 .examples/docker-compose/with-traefik2-postgresql-redis-multi-network/traefik2/docker-compose.yml create mode 100644 .examples/docker-compose/with-traefik2-postgresql-redis-single-network/README.md rename .examples/docker-compose/{with-traefik2-postgresql-redis => with-traefik2-postgresql-redis-single-network}/docker-compose.yml (95%) diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md new file mode 100644 index 00000000..2e0fd409 --- /dev/null +++ b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md @@ -0,0 +1,21 @@ +## Trafik Multi Network Deployment + +1. Create Traefik network + +` # docker network create --driver=bridge --attachable --internal=false traefik ` + +2. Edit `traefik2/docker-compose.yml` for ACME email + +3. Deploy traefik + + `docker-compose -f traefik2/docker-compose.yml up -d` + +4. Edit `nextcloud/docker-compose.yml` + - Change traefik.http.routers.nextcloud.rule Host + - Remove `traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue` and `contentSecurityPolicy` + if you dont need to iframe access from your external website + - Change PostgreSQL environments + - Edit `TRUSTED_PROXIES` with your traefik network address +5. Deploy nextcloud + + `docker-compose -f nextcloud/docker-compose.yml up -d` 
diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/nextcloud/docker-compose.yml b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/nextcloud/docker-compose.yml
new file mode 100644
index 00000000..25a49370
--- /dev/null
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/nextcloud/docker-compose.yml
@@ -0,0 +1,82 @@
+
+# Create netxcloud network first
+# docker network create nextcloud
+#NOTES:
+#1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com
+#2. TRUSTED_PROXIES values based on your 'traefik docker network run docker network inspect traefik' to see the network
+#3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and
+#traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't want to allow iframe your domain
+# cat docker-compose.yml
+
+version: '3.3'
+
+volumes:
+ nextcloud-www:
+ driver: local
+ nextcloud-db:
+ driver: local
+ redis:
+ driver: local
+
+
+services:
+
+ db:
+ restart: always
+ image: postgres:11
+ networks:
+ - nextcloud
+ environment:
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_DB=nextcloud
+ volumes:
+ - nextcloud-db:/var/lib/postgresql/data
+ redis:
+ image: redis:latest
+ restart: always
+ networks:
+ - nextcloud
+ volumes:
+ - redis:/var/lib/redis
+
+ nextcloud:
+ image: nextcloud:latest
+ restart: always
+ networks:
+ - default
+ - nextcloud
+ depends_on:
+ - redis
+ - db
+ labels:
+ - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
+ - traefik.http.routers.nextcloud.tls.certresolver=myresolver
+ - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
+ - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com
+ - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net
+ - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
+ - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
+ - traefik.http.middlewares.nextcloud.headers.stsPreload=true
+ - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
+ - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
+ environment:
+ - POSTGRES_DB=nextcloud
+ - 
POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_HOST=db
+ - NEXTCLOUD_ADMIN_USER=admin
+ - NEXTCLOUD_ADMIN_PASSWORD=adminpass
+ - REDIS_HOST=redis
+ - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com
+ - TRUSTED_PROXIES=172.19.0.0/16
+ volumes:
+ - nextcloud-www:/var/www/html
+
+networks:
+ default:
+ external:
+ name: traefik
+
+ nextcloud:
+ internal: true
diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/traefik2/docker-compose.yml b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/traefik2/docker-compose.yml
new file mode 100644
index 00000000..eb13f0dd
--- /dev/null
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/traefik2/docker-compose.yml
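Review bot: `TRUSTED_PROXIES=172.19.0.0/16` hard-codes a subnet that Docker chooses when the `traefik` network is created, and the README's creation command passes no `--subnet`, so the value may not match on another host. If it is wrong, Nextcloud would not treat Traefik as a trusted proxy and would likely record the proxy address as the client for every request, which weakens per-address login throttling and the audit trail; if it is right, every container later attached to that attachable network is trusted to supply forwarded-client headers. I would pin the subnet when the network is created and put a comment above this line: `# must equal the subnet from "docker network inspect traefik"; all containers on it are trusted for X-Forwarded-For`. The single-network file from PATCH 1/5 has the same pattern with `172.18.0.0/16`.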
@@ -0,0 +1,47 @@
+
+# Create network first
+# docker network create --driver=bridge --attachable --internal=false traefik
+#NOTES:
+#1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com
+# cat docker-compose.yml
+
+version: '3.3'
+
+volumes:
+ letsencrypt:
+ driver: local
+
+
+services:
+
+ traefik:
+ image: traefik:v2.2
+ container_name: traefik
+ restart: always
+ command:
+ - "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.network=traefik"
+ - "--providers.docker.exposedbydefault=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ - default
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - letsencrypt:/letsencrypt
+
+networks:
+ default:
+ external:
+ name: traefik
diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/README.md b/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/README.md
new file mode 100644
index 00000000..286d1291
--- /dev/null
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/README.md
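Review bot: `--api.insecure=true` serves Traefik's dashboard and API without authentication, and `--providers.docker.exposedbydefault=true` has Traefik build a router for every container it discovers through the mounted `/var/run/docker.sock`, not only the one carrying `traefik.*` labels. Port 8080 is not published here, so the API is probably reachable only from the host and from containers on the attachable `traefik` network, but an example that people copy should not leave it open. I would drop the `--api.insecure=true` line, set `"--providers.docker.exposedbydefault=false"`, and add `- traefik.enable=true` to the labels of the `nextcloud` service in `nextcloud/docker-compose.yml`; `--log.level=DEBUG` would also be better as `INFO` outside troubleshooting. The single-network file added in PATCH 1/5 carries the same three flags.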
@@ -0,0 +1,16 @@ +## Trafik Single Network Deployment + +1. Create a network + +` # docker network create nextcloud ` + +4. Edit `docker-compose.yml` + - Change ACME Email Address + - Change traefik.http.routers.nextcloud.rule Host + - Remove `traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue` and `contentSecurityPolicy` + if you dont need to iframe access from your external website + - Change PostgreSQL environments + - Edit `TRUSTED_PROXIES` with your nextcloud network address +5. Deploy nextcloud + + `docker-compose docker-compose.yml up -d` diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml b/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/docker-compose.yml similarity index 95% rename from .examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml rename to .examples/docker-compose/with-traefik2-postgresql-redis-single-network/docker-compose.yml index d9970159..9bd4fd7d 100644 --- a/.examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml +++ b/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/docker-compose.yml @@ -76,11 +76,7 @@ services: - redis - db labels: - - traefik.protocol=http - - traefik.port=80 - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect - - traefik.http.routers.nextcloud.tls=true - - traefik.http.routers.nextcloud.entrypoints=websecure - traefik.http.routers.nextcloud.tls.certresolver=myresolver - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`) - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com From f737f496624e7e0e64909fd9197d3b5c66a21566 Mon Sep 17 00:00:00 2001 From: Ismail Yenigul Date: Sun, 10 May 2020 13:53:36 +0300 Subject: [PATCH 5/5] multi and single docker-compose deployment README update 
Signed-off-by: Ismail Yenigul --- .../with-traefik2-postgresql-redis-multi-network/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md index 2e0fd409..5212a159 100644 --- a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md +++ b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md @@ -4,7 +4,9 @@ ` # docker network create --driver=bridge --attachable --internal=false traefik ` -2. Edit `traefik2/docker-compose.yml` for ACME email +2. Edit `traefik2/docker-compose.yml` + - Change ACME email + - Change --providers.docker.network=traefik value if you created different network then `traefik` 3. Deploy traefik