modified: gitea/docker-compose.yml

modified: nextcloud/docker-compose.yml modified: passbolt/docker-compose.yml modified: searxng/docker-compose.yml modified: traefik/docker-compose.yml
2025-08-13 19:55:00 +10:00
parent a134423c9f
commit e320ebd247
5 changed files with 111 additions and 106 deletions
@@ -1,20 +1,10 @@
-#version: "3"
 services:
  webapp:
-    image: nextcloud
+    image: nextcloud:production
    deploy:
-#      resources:
-#        limits:
-#          cpus: '0.3'
-#          memory: 200m
      restart_policy:
        condition: on-failure
        max_attempts: 5
-#    read_only: true
-#    tmpfs:
-#      - /tmp
-#      - /var
-#      - /run
    restart: always
    hostname: nextcloud.lan.ddnsgeek.com
    volumes:
@@ -23,9 +13,6 @@ services:
    depends_on:
      - database
      - redis
-#    ports:
-#      - 8083:80
-#      - 4433:443
    environment:
      - MYSQL_PASSWORD=R1m@dmin
      - MYSQL_DATABASE=nextcloud
@@ -45,9 +32,11 @@ services:
      - SMTP_PASSWORD=uscdbrjunqmkgglf

      - REDIS_HOST=redis
-#      - REDIS_HOST_PASSWORD=R1m@dmin
+      - REDIS_HOST_PORT=6379
+      - REDIS_HOST_PASSWORD=${NEXTCLOUD_REDIS_PASSWORD}
    networks:
-      - traefik_default
+      - traefik_reverse_proxy
+      - internal
    labels:
      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.lan.ddnsgeek.com`)"
      - "traefik.enable=true"
@@ -62,7 +51,7 @@ services:
      - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.regex=https://(.*)/.well-known/webfinger"
      - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.replacement=https://$${1}/nextcloud/index.php/.well-known/webfinger"
-
+      - "traefik.docker.network=traefik_reverse_proxy"
 #      - "traefik.http.middlewares.nextcloudHeader.headers.stsSeconds=15552000"
 #      - "traefik.http.middlewares.nextcloudHeader.headers.stsIncludeSubdomains=true"
 #      - "traefik.http.middlewares.nextcloudHeader.headers.stsPreload=true"
@@ -73,23 +62,33 @@ services:
 #      - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex='https://(.*)/.well-known/(?:card|cal)dav'"
 #      - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement='https://$${1}/remote.php/dav'"

+#    healthcheck:
+#      test: >
+#        CMD-SHELL
+#        php -r '$f=fsockopen("127.0.0.1",80,$e,$s,2); if(!$f) exit(1);
+#        fwrite($f,"GET /status.php HTTP/1.0\r\nHost: localhost\r\n\r\n");
+#        $o=""; while(!feof($f)){$o.=fgets($f,128);} fclose($f);
+#        if(strpos($o,"\"installed\":true")===false) exit(1);'
+#      test: "curl -fsS http://127.0.0.1/status.php | grep -q '\"installed\":true'"
+#      test: >
+#        CMD-SHELL
+#        'c=$(curl -fsS -o /dev/null -w "%{http_code}" http://127.0.0.1/status.php) \
+#         && [ "$c" -ge 200 ] && [ "$c" -lt 400 ] \
+#         && curl -fsS http://127.0.0.1/status.php | grep -q "\"installed\":true"'
+#      interval: 15s
+#      timeout: 5s
+#      retries: 10
+#      start_period: 120s
+
+
+
+
  database:
-    image: mariadb:11.4
-#    image: mariadb
-#    read_only: true
-#    tmpfs:
-#      - /tmp
-#      - /var
-#      - /run
-#      - /docker-entrypoint-initdb.d
+    image: mariadb:12
    restart: always
    hostname: nextcloud_db
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    deploy:
-#      resources:
-#        limits:
-#          cpus: '0.3'
-#          memory: 300m
      restart_policy:
        condition: on-failure
        max_attempts: 5
@@ -104,41 +103,44 @@ services:
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=R1m@dmin
    networks:
-      - traefik_default
-    healthcheck:
-      test: "/usr/bin/mysql --user=nextcloud --password=R1m@dmin --execute \"SHOW DATABASES;\""
+      - internal
+#    healthcheck:
+#      test: "/usr/bin/mysql --user=nextcloud --password=R1m@dmin --execute \"SHOW DATABASES;\""
    labels:
      - "io.portainer.accesscontrol.public"
+    healthcheck:
+      test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -u\"$$MARIADB_USER\" -p\"$$MARIADB_PASSWORD\" --silent"]
+      interval: 10s
+      timeout: 5s
+      retries: 12
+      start_period: 60s
+
+
  redis:
    image: "redis"
-#    read_only: true
-#    tmpfs:
-#      - /tmp
-#      - /var
-#      - /run
    deploy:
-#      resources:
-#        limits:
-#          cpus: '0.3'
-#          memory: 150m
      restart_policy:
        condition: on-failure
        max_attempts: 5
-    command: redis-server --save 60 1 --loglevel warning
-    environment:
-      - REDIS_OVERCOMMIT_MEMORY=1
-      - REDIS_ARGS="--requirepass R1m@dmin --user redis on >password ~* allcommands --user default off nopass nocommands"
+    command: ["redis-server", "--requirepass", "${NEXTCLOUD_REDIS_PASSWORD}", "--appendonly", "yes", "--save", "60", "1000"]
    hostname: redis
-#    user: "linode"
    volumes:
      - ./data/redis:/data:rw
-#      - ./config.yaml:/opt/doods/config.yaml
    restart: unless-stopped
    networks:
-      - traefik_default
+      - internal
    labels:
      - "io.portainer.accesscontrol.public"
+ #   healthcheck:
+ #     test: ["CMD-SHELL", "redis-cli -a $$NEXTCLOUD_REDIS_PASSWORD PING | grep -q PONG"]
+ #     interval: 10s
+ #     timeout: 5s
+#      retries: 6
+#      start_period: 10s
+

 networks:
-  traefik_default:
+  traefik_reverse_proxy:
    external: true
+  internal:
+    driver: bridge