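---
# Nextcloud stack: web application, MariaDB and Redis.
# Passwords are delivered as file-based Compose secrets under /run/secrets
# and read through the *_FILE variables, not passed as plain environment values.
services:
  nextcloud-webapp:
    profiles: ["apps", "all", "nextcloud"]
    build:
      context: ${PROJECT_ROOT}/apps/nextcloud
    container_name: nextcloud-webapp
    restart: always
    hostname: ${NEXTCLOUD_TRUSTED_DOMAINS}
    # env_file:
    #   - ${SECRETS_ENV_FILE}
    volumes:
      # NOTE(review): the Redis service bind-mounts a sub-directory of this
      # data path (data/redis), so Redis persistence files are readable and
      # writable from the web container. Consider a separate host directory.
      - ${PROJECT_ROOT}/apps/nextcloud/data:/var/www/html/data:rw
      - ${PROJECT_ROOT}/apps/nextcloud/config:/var/www/html/config:rw
    # The long-form volume syntax treats `target` as a literal container path,
    # so `target: /tmp:exec` would mount at a directory named "/tmp:exec"
    # instead of /tmp. The service-level tmpfs key accepts `path:options`.
    # `exec` is kept as originally requested; drop it if nothing has to be
    # executed from /tmp, and consider a size option since tmpfs is RAM-backed.
    tmpfs:
      - /tmp:exec
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    environment:
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
      - MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE}
      - MYSQL_USER=${NEXTCLOUD_DB_USER}
      - MYSQL_HOST=${NEXTCLOUD_MYSQL_HOST}
      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
      - OVERWRITEPROTOCOL=${NEXTCLOUD_OVERWRITEPROTOCOL}
      - OVERWRITECLIURL=${NEXTCLOUD_OVERWRITECLIURL}
      - SMTP_HOST=${NEXTCLOUD_SMTP_HOST}
      - SMTP_SECURE=${NEXTCLOUD_SMTP_SECURE}
      - SMTP_PORT=${NEXTCLOUD_SMTP_PORT}
      - SMTP_AUTHTYPE=${NEXTCLOUD_SMTP_AUTHTYPE}
      - MAIL_FROM_ADDRESS=${NEXTCLOUD_SMTP_FROM_ADDRESS}
      - MAIL_DOMAIN=${NEXTCLOUD_SMTP_DOMAIN}
      - SMTP_NAME=${NEXTCLOUD_SMTP_NAME}
      - SMTP_PASSWORD_FILE=/run/secrets/nextcloud_smtp_password
      - REDIS_HOST=${NEXTCLOUD_REDIS_HOST}
      - REDIS_HOST_PORT=${NEXTCLOUD_REDIS_HOST_PORT}
      - REDIS_HOST_PASSWORD_FILE=/run/secrets/nextcloud_redis_password
    secrets:
      - nextcloud_db_password
      - nextcloud_smtp_password
      - nextcloud_redis_password
    networks:
      # NOTE(review): `traefik` is not declared in this file's top-level
      # networks; presumably it comes from another Compose file that is merged
      # with this one - confirm.
      - traefik
      - nextcloud
    labels:
      - "traefik.http.routers.nextcloud.rule=Host(`${NEXTCLOUD_TRUSTED_DOMAINS}`)"
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
      - "io.portainer.accesscontrol.public"
      # NOTE(review): only nextcloud-dav and nextcloud-webfinger are attached to
      # the router; the nextcloud-nodeinfo middleware defined below is never
      # referenced. Its replacement path (like the webfinger one) carries a
      # /nextcloud prefix that the dav replacement does not - confirm which
      # base path is correct before attaching it.
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-dav, nextcloud-webfinger"
      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
      - "traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.regex=^/.well-known/nodeinfo"
      - "traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.replacement=/nextcloud/index.php/.well-known/nodeinfo/"
      - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.regex=https://(.*)/.well-known/webfinger"
      - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.replacement=https://$${1}/nextcloud/index.php/.well-known/webfinger"
      - "traefik.docker.network=core_traefik"
    healthcheck:
      # Requests /status.php over loopback and passes only when the response
      # contains "installed":true. `$$` is Compose's escape for a literal `$`.
      test:
        - CMD-SHELL
        - >-
          php -r '$$f=@fsockopen("127.0.0.1",80,$$e,$$s,2);
          if(!$$f) exit(1);
          fwrite($$f,"GET /status.php HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n");
          $$o="";
          while(!feof($$f)){$$o.=fgets($$f,1024);}
          fclose($$f);
          if(strpos($$o,"\"installed\":true")===false) exit(1);'
      interval: 30s
      timeout: 5s
      retries: 6
      start_period: 180s

  nextcloud-db:
    image: mariadb:11.4
    restart: always
    profiles: ["apps", "all", "nextcloud"]
    container_name: nextcloud-db
    hostname: nextcloud_db
    command: >-
      --transaction-isolation=READ-COMMITTED
      --log-bin=binlog
      --binlog-format=ROW
    # env_file:
    #   - ${PROJECT_ROOT}/secrets/stack-secrets.env
    volumes:
      - ${PROJECT_ROOT}/apps/nextcloud/database:/var/lib/mysql:rw
    environment:
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/nextcloud_db_root_password
      - MYSQL_PASSWORD_FILE=/run/secrets/nextcloud_db_password
      - MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE}
      - MYSQL_USER=${NEXTCLOUD_DB_USER}
      - MARIADB_AUTO_UPGRADE=${NEXTCLOUD_MARIADB_AUTO_UPGRADE}
      # NOTE(review): the two NEXTCLOUD_ADMIN_* variables and the
      # nextcloud_admin_password secret look like settings for the Nextcloud
      # container, not for MariaDB. As written, the database container holds
      # the admin credential while nextcloud-webapp does not receive it.
      # Confirm the intent and move them so each service only mounts the
      # secrets it actually uses.
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
      - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
    secrets:
      - nextcloud_db_root_password
      - nextcloud_db_password
      - nextcloud_admin_password
    networks:
      - nextcloud
    labels:
      - "io.portainer.accesscontrol.public"
    healthcheck:
      # The user and the substituted password are quoted so that whitespace or
      # glob characters in either value are not word-split by the shell.
      test:
        - CMD-SHELL
        - >-
          mariadb-admin ping -u "$$MYSQL_USER"
          --password="$$(cat /run/secrets/nextcloud_db_password)" --silent
      interval: 10s
      timeout: 5s
      retries: 12
      start_period: 60s

  nextcloud-redis:
    # NOTE(review): the image has no tag, so every pull may bring a different
    # Redis release. Pin a tag (ideally with a digest), as the MariaDB service
    # above already does.
    image: "redis"
    profiles: ["apps", "all", "nextcloud"]
    # NOTE(review): --requirepass places the password in the redis-server
    # argument list, where it is visible in process listings for the lifetime
    # of the container. Consider supplying it through a config file instead.
    command:
      - sh
      - '-c'
      - >-
        redis-server
        --requirepass "$$(cat /run/secrets/nextcloud_redis_password)"
        --appendonly yes
        --save 60 1000
    hostname: redis
    container_name: nextcloud-redis
    secrets:
      - nextcloud_redis_password
    volumes:
      - ${PROJECT_ROOT}/apps/nextcloud/data/redis:/data:rw
    restart: always
    networks:
      - nextcloud
    labels:
      - "io.portainer.accesscontrol.public"
    healthcheck:
      # REDISCLI_AUTH hands the password to redis-cli through its environment
      # rather than `-a`, keeping it out of the probe's argument list and
      # avoiding the command-line password warning.
      test:
        - CMD-SHELL
        - >-
          REDISCLI_AUTH="$$(cat /run/secrets/nextcloud_redis_password)"
          redis-cli PING | grep -q PONG
      interval: 10s
      timeout: 5s
      retries: 6
      start_period: 10s

networks:
  # Internal network shared by the three services; default driver settings.
  nextcloud: {}

secrets:
  # File-backed secrets. The source files hold plaintext passwords, so they
  # should be readable only by the deploying user and excluded from version
  # control.
  nextcloud_db_root_password:
    file: ${PROJECT_ROOT}/secrets/nextcloud_db_root_password.txt
  nextcloud_db_password:
    file: ${PROJECT_ROOT}/secrets/nextcloud_db_password.txt
  nextcloud_admin_password:
    file: ${PROJECT_ROOT}/secrets/nextcloud_admin_password.txt
  nextcloud_smtp_password:
    file: ${PROJECT_ROOT}/secrets/nextcloud_smtp_password.txt
  nextcloud_redis_password:
    file: ${PROJECT_ROOT}/secrets/nextcloud_redis_password.txt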