From 2d7258086e067f4afa5fe3e927b441e0c22eb227 Mon Sep 17 00:00:00 2001
From: Ismail Yenigul
Date: Sun, 10 May 2020 13:47:40 +0300
Subject: [PATCH] multi and single docker-compose deployment

Signed-off-by: Ismail Yenigul
---
 .../README.md | 21 +++++
 .../nextcloud/docker-compose.yml | 82 +++++++++++++++++++
 .../traefik2/docker-compose.yml | 47 +++++++++++
 .../README.md | 16 ++++
 .../docker-compose.yml | 4 -
 5 files changed, 166 insertions(+), 4 deletions(-)
 create mode 100644 .examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md
 create mode 100644 .examples/docker-compose/with-traefik2-postgresql-redis-multi-network/nextcloud/docker-compose.yml
 create mode 100644 .examples/docker-compose/with-traefik2-postgresql-redis-multi-network/traefik2/docker-compose.yml
 create mode 100644 .examples/docker-compose/with-traefik2-postgresql-redis-single-network/README.md
 rename .examples/docker-compose/{with-traefik2-postgresql-redis => with-traefik2-postgresql-redis-single-network}/docker-compose.yml (95%)

diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md
new file mode 100644
index 00000000..2e0fd409
--- /dev/null
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/README.md
@@ -0,0 +1,21 @@
+## Trafik Multi Network Deployment
+
+1. Create Traefik network
+
+` # docker network create --driver=bridge --attachable --internal=false traefik `
+
+2. Edit `traefik2/docker-compose.yml` for ACME email
+
+3. Deploy traefik
+
+ `docker-compose -f traefik2/docker-compose.yml up -d`
+
+4. Edit `nextcloud/docker-compose.yml`
+ - Change traefik.http.routers.nextcloud.rule Host
+ - Remove `traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue` and `contentSecurityPolicy`
+ if you dont need to iframe access from your external website
+ - Change PostgreSQL environments
+ - Edit `TRUSTED_PROXIES` with your traefik network address
+5. Deploy nextcloud
+
+ `docker-compose -f nextcloud/docker-compose.yml up -d`
diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/nextcloud/docker-compose.yml b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/nextcloud/docker-compose.yml
new file mode 100644
index 00000000..25a49370
--- /dev/null
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/nextcloud/docker-compose.yml
@@ -0,0 +1,82 @@
+
+# Create netxcloud network first
+# docker network create nextcloud
+#NOTES:
+#1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com
+#2. TRUSTED_PROXIES values based on your 'traefik docker network run docker network inspect traefik' to see the network
+#3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and
+#traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't want to allow iframe your domain
+# cat docker-compose.yml
+
+version: '3.3'
+
+volumes:
+ nextcloud-www:
+ driver: local
+ nextcloud-db:
+ driver: local
+ redis:
+ driver: local
+
+
+services:
+
+ db:
+ restart: always
+ image: postgres:11
+ networks:
+ - nextcloud
+ environment:
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_DB=nextcloud
+ volumes:
+ - nextcloud-db:/var/lib/postgresql/data
+ redis:
+ image: redis:latest
+ restart: always
+ networks:
+ - nextcloud
+ volumes:
+ - redis:/var/lib/redis
+
+ nextcloud:
+ image: nextcloud:latest
+ restart: always
+ networks:
+ - default
+ - nextcloud
+ depends_on:
+ - redis
+ - db
+ labels:
+ - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
+ - traefik.http.routers.nextcloud.tls.certresolver=myresolver
+ - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
+ - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com
+ - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net
+ - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
+ - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
+ - traefik.http.middlewares.nextcloud.headers.stsPreload=true
+ - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
+ - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
+ environment:
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_HOST=db
+ - NEXTCLOUD_ADMIN_USER=admin
+ - NEXTCLOUD_ADMIN_PASSWORD=adminpass
+ - REDIS_HOST=redis
+ - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com
+ - TRUSTED_PROXIES=172.19.0.0/16
+ volumes:
+ - nextcloud-www:/var/www/html
+
+networks:
+ default:
+ external:
+ name: traefik
+
+ nextcloud:
+ internal: true
diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/traefik2/docker-compose.yml b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/traefik2/docker-compose.yml
new file mode 100644
index 00000000..eb13f0dd
--- /dev/null
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-multi-network/traefik2/docker-compose.yml
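Review bot: In `nextcloud/docker-compose.yml` the database and admin credentials are committed as literals (`POSTGRES_PASSWORD=password` in both the `db` and `nextcloud` services, `NEXTCLOUD_ADMIN_PASSWORD=adminpass`), and the accompanying README step only says to change the PostgreSQL environment, so a copied deployment can come up on its public hostname with a known admin login. I would read them from the environment and fail when they are unset, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}` and `- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD:?set NEXTCLOUD_ADMIN_PASSWORD}`. Separately, the `redis` volume is mounted at `/var/lib/redis` while the official image keeps its data under `/data`, so the named volume probably stays empty, and `redis:latest` / `nextcloud:latest` are floating tags where `postgres:11` is pinned.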
@@ -0,0 +1,47 @@
+
+# Create network first
+# docker network create --driver=bridge --attachable --internal=false traefik
+#NOTES:
+#1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com
+# cat docker-compose.yml
+
+version: '3.3'
+
+volumes:
+ letsencrypt:
+ driver: local
+
+
+services:
+
+ traefik:
+ image: traefik:v2.2
+ container_name: traefik
+ restart: always
+ command:
+ - "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.network=traefik"
+ - "--providers.docker.exposedbydefault=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ - default
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - letsencrypt:/letsencrypt
+
+networks:
+ default:
+ external:
+ name: traefik
diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/README.md b/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/README.md
new file mode 100644
index 00000000..286d1291
--- /dev/null
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/README.md
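Review bot: In `traefik2/docker-compose.yml` the `command:` list combines `--api.insecure=true`, `--providers.docker.exposedbydefault=true` and `--log.level=DEBUG`, which is a development configuration on a proxy that publishes ports 80 and 443. The insecure API serves the dashboard without authentication on Traefik's internal entrypoint; port 8080 is not published here, but it is presumably reachable from any container joined to the attachable `traefik` network, and exposed-by-default gives every container on the Docker host a router unless it opts out. I would drop the `--api.insecure` line, set `--providers.docker.exposedbydefault=false` with `- traefik.enable=true` added to the nextcloud service labels, and lower the log level to `INFO`. The Docker socket mount hands this container control of the daemon, so a comment above it such as `# grants Traefik full Docker API access; consider a filtering socket proxy` would help people adapting the example.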
@@ -0,0 +1,16 @@
+## Trafik Single Network Deployment
+
+1. Create a network
+
+` # docker network create nextcloud `
+
+4. Edit `docker-compose.yml`
+ - Change ACME Email Address
+ - Change traefik.http.routers.nextcloud.rule Host
+ - Remove `traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue` and `contentSecurityPolicy`
+ if you dont need to iframe access from your external website
+ - Change PostgreSQL environments
+ - Edit `TRUSTED_PROXIES` with your nextcloud network address
+5. Deploy nextcloud
+
+ `docker-compose docker-compose.yml up -d`
diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml b/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/docker-compose.yml
similarity index 95%
rename from .examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml
rename to .examples/docker-compose/with-traefik2-postgresql-redis-single-network/docker-compose.yml
index d9970159..9bd4fd7d 100644
--- a/.examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis-single-network/docker-compose.yml
@@ -76,11 +76,7 @@ services:
 - redis
 - db
 labels:
- - traefik.protocol=http
- - traefik.port=80
 - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
- - traefik.http.routers.nextcloud.tls=true
- - traefik.http.routers.nextcloud.entrypoints=websecure
 - traefik.http.routers.nextcloud.tls.certresolver=myresolver
 - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
 - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com