services: webapp: image: nextcloud:production deploy: restart_policy: condition: on-failure max_attempts: 5 restart: always hostname: nextcloud.lan.ddnsgeek.com volumes: - ./data:/var/www/html/data:rw - ./config:/var/www/html/config:rw depends_on: - database - redis environment: - MYSQL_PASSWORD=R1m@dmin - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud - MYSQL_HOST=nextcloud_db:3306 - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.lan.ddnsgeek.com - OVERWRITEPROTOCOL=https - OVERWRITECLIURL=https://nextcloud.lan.ddnsgeek.com - SMTP_HOST=smtp-mail.outlook.com - SMTP_SECURE=tls - SMTP_PORT=587 - SMTP_AUTHTYPE=login - MAIL_FROM_ADDRESS=wayne.bennett@live.com - MAIL_DOMAIN=live.com - SMTP_NAME=wayne.bennett - SMTP_PASSWORD=uscdbrjunqmkgglf - REDIS_HOST=redis - REDIS_HOST_PORT=6379 - REDIS_HOST_PASSWORD=${NEXTCLOUD_REDIS_PASSWORD} networks: - traefik_reverse_proxy - internal labels: - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.lan.ddnsgeek.com`)" - "traefik.enable=true" - "traefik.http.routers.nextcloud.entrypoints=websecure" - "traefik.http.routers.nextcloud.tls.certresolver=myresolver" - "io.portainer.accesscontrol.public" - "traefik.http.routers.nextcloud.middlewares=error-pages-middleware, nextcloud-dav, secHeaders@file, nextcloud-webfinger" - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav" - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/" - "traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.regex=^/.well-known/nodeinfo" - "traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.replacement=/nextcloud/index.php/.well-known/nodeinfo/" - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.permanent=true" - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.regex=https://(.*)/.well-known/webfinger" - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.replacement=https://$${1}/nextcloud/index.php/.well-known/webfinger" - "traefik.docker.network=traefik_reverse_proxy" # - "traefik.http.middlewares.nextcloudHeader.headers.stsSeconds=15552000" # - "traefik.http.middlewares.nextcloudHeader.headers.stsIncludeSubdomains=true" # - "traefik.http.middlewares.nextcloudHeader.headers.stsPreload=true" # - "traefik.http.middlewares.nextcloudHeader.headers.forceSTSHeader=true" # - "traefik.http.routers.nextcloud.middlewares=error-pages-middleware, secHeaders@file, nextcloud_redirectregex, nextcloud-webfinger" # - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true" # - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex='https://(.*)/.well-known/(?:card|cal)dav'" # - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement='https://$${1}/remote.php/dav'" # healthcheck: # test: > # CMD-SHELL # php -r '$f=fsockopen("127.0.0.1",80,$e,$s,2); if(!$f) exit(1); # fwrite($f,"GET /status.php HTTP/1.0\r\nHost: localhost\r\n\r\n"); # $o=""; while(!feof($f)){$o.=fgets($f,128);} fclose($f); # if(strpos($o,"\"installed\":true")===false) exit(1);' # test: "curl -fsS http://127.0.0.1/status.php | grep -q '\"installed\":true'" # test: > # CMD-SHELL # 'c=$(curl -fsS -o /dev/null -w "%{http_code}" http://127.0.0.1/status.php) \ # && [ "$c" -ge 200 ] && [ "$c" -lt 400 ] \ # && curl -fsS http://127.0.0.1/status.php | grep -q "\"installed\":true"' # interval: 15s # timeout: 5s # retries: 10 # start_period: 120s database: image: mariadb:12 restart: always hostname: nextcloud_db command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW deploy: restart_policy: condition: on-failure max_attempts: 5 volumes: - ./database:/var/lib/mysql:rw environment: - MYSQL_ROOT_PASSWORD=R1m@dmin - MYSQL_PASSWORD=R1m@dmin - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud - MARIADB_AUTO_UPGRADE=1 - NEXTCLOUD_ADMIN_USER=admin - NEXTCLOUD_ADMIN_PASSWORD=R1m@dmin networks: - internal # healthcheck: # test: "/usr/bin/mysql --user=nextcloud --password=R1m@dmin --execute \"SHOW DATABASES;\"" labels: - "io.portainer.accesscontrol.public" healthcheck: test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -u\"$$MARIADB_USER\" -p\"$$MARIADB_PASSWORD\" --silent"] interval: 10s timeout: 5s retries: 12 start_period: 60s redis: image: "redis" deploy: restart_policy: condition: on-failure max_attempts: 5 command: ["redis-server", "--requirepass", "${NEXTCLOUD_REDIS_PASSWORD}", "--appendonly", "yes", "--save", "60", "1000"] hostname: redis volumes: - ./data/redis:/data:rw restart: unless-stopped networks: - internal labels: - "io.portainer.accesscontrol.public" # healthcheck: # test: ["CMD-SHELL", "redis-cli -a $$NEXTCLOUD_REDIS_PASSWORD PING | grep -q PONG"] # interval: 10s # timeout: 5s # retries: 6 # start_period: 10s networks: traefik_reverse_proxy: external: true internal: driver: bridge