From 4033a1bf4c99bc063a7489bc6a8f57d386beee3e Mon Sep 17 00:00:00 2001
From: ismail yenigul
Date: Sun, 10 May 2020 01:33:17 +0300
Subject: [PATCH] docker-compose with traefik 2.0 Also postgresql, redis deployment
Signed-off-by: Ismail Yenigul
---
.../docker-compose.yml | 108 ++++++++++++++++++
1 file changed, 108 insertions(+)
create mode 100644 .examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml
diff --git a/.examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml b/.examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml
new file mode 100644
index 00000000..d9970159
--- /dev/null
+++ b/.examples/docker-compose/with-traefik2-postgresql-redis/docker-compose.yml
@@ -0,0 +1,108 @@
+
+# Create network first
+# docker network create nextcloud
+#NOTES:
+#1. certificatesresolvers.myresolver.acme.email=myemail@gmail.com
+#2. TRUSTED_PROXIES values based on your 'nexcloud network'
+#3. remove traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy and
+#traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue if you don't want to allow iframe your domain
+# cat docker-compose.yml
+
+version: '3.1'
+
+volumes:
+ nextcloud-www:
+ driver: local
+ nextcloud-db:
+ driver: local
+ redis:
+ driver: local
+ letsencrypt:
+ driver: local
+
+
+services:
+
+ traefik:
+ image: traefik:v2.2
+ container_name: traefik
+ restart: always
+ command:
+ - "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.myresolver.acme.email=myemail@gmail.com"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ - nextcloud
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - letsencrypt:/letsencrypt
+ db:
+ restart: always
+ image: postgres:11
+ networks:
+ - nextcloud
+ environment:
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_DB=nextcloud
+ volumes:
+ - nextcloud-db:/var/lib/postgresql/data
+ redis:
+ image: redis:latest
+ restart: always
+ networks:
+ - nextcloud
+ volumes:
+ - redis:/var/lib/redis
+
+ nextcloud:
+ image: nextcloud:latest
+ restart: always
+ networks:
+ - nextcloud
+ depends_on:
+ - redis
+ - db
+ labels:
+ - traefik.protocol=http
+ - traefik.port=80
+ - traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect
+ - traefik.http.routers.nextcloud.tls=true
+ - traefik.http.routers.nextcloud.entrypoints=websecure
+ - traefik.http.routers.nextcloud.tls.certresolver=myresolver
+ - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mydomain.com`)
+ - traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://mydomain.com
+ - traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' mydomain.com *.mydomain.net
+ - traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011
+ - traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true
+ - traefik.http.middlewares.nextcloud.headers.stsPreload=true
+ - traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav
+ - traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/
+ environment:
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_HOST=db
+ - NEXTCLOUD_ADMIN_USER=admin
+ - NEXTCLOUD_ADMIN_PASSWORD=adminpass
+ - REDIS_HOST=redis
+ - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.mydomain.com
+ - TRUSTED_PROXIES=172.18.0.0/16
+ volumes:
+ - nextcloud-www:/var/www/html
+
+networks:
+ nextcloud:
+ external: true
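Review bot: The traefik service is published on 80/443 while its command list sets `--api.insecure=true` and `--providers.docker.exposedbydefault=true`, so the internet-facing proxy serves its API without authentication to anything that can reach that entrypoint, and `db` and `redis` become routable backends without opting in. I would set `- "--providers.docker.exposedbydefault=false"`, add `- traefik.enable=true` to the nextcloud labels, and drop `--api.insecure` and `--log.level=DEBUG` outside of debugging. The `/var/run/docker.sock` mount is writable; adding `:ro` is the usual minimum, but it does not limit which Docker API calls the socket accepts, so a compromise of the proxy should still be treated as control of the daemon. The NOTES header lists what to adapt but not the placeholder credentials, so a line such as `#4. replace POSTGRES_PASSWORD and NEXTCLOUD_ADMIN_PASSWORD before the first start` would help. `traefik.protocol` and `traefik.port` look like Traefik v1 label names that v2 may ignore, which is worth confirming against the v2.2 documentation.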