docker/nextcloud/docker-compose.yml

version: "3"
services:
  webapp:
    image: nextcloud
    deploy:
#      resources:
#        limits:
#          cpus: '0.3'
#          memory: 200m
      restart_policy:
        condition: on-failure
        max_attempts: 5
#    read_only: true
#    tmpfs:
#      - /tmp
#      - /var
#      - /run
    restart: always
    hostname: nextcloud.lan.ddnsgeek.com
    volumes:
      - ./data:/var/www/html/data:rw
      - ./config:/var/www/html/config:rw
    depends_on:
      - database
      - redis
#    ports:
#      - 8083:80
#      - 4433:443
    environment:
      - MYSQL_PASSWORD=R1m@dmin
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud_db:3306
      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.lan.ddnsgeek.com
      - OVERWRITEPROTOCOL=https
      - OVERWRITECLIURL=https://nextcloud.lan.ddnsgeek.com

      - SMTP_HOST=smtp-mail.outlook.com
      - SMTP_SECURE=tls
      - SMTP_PORT=587
      - SMTP_AUTHTYPE=login
      - MAIL_FROM_ADDRESS=wayne.bennett@live.com
      - MAIL_DOMAIN=live.com
      - SMTP_NAME=wayne.bennett
      - SMTP_PASSWORD=uscdbrjunqmkgglf

      - REDIS_HOST=redis
#      - REDIS_HOST_PASSWORD=R1m@dmin
    networks:
      - traefik_default
    labels:
      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.lan.ddnsgeek.com`)"
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
      - "io.portainer.accesscontrol.public"
      - "traefik.http.routers.nextcloud.middlewares=error-pages-middleware, nextcloud-dav, secHeaders@file, nextcloud-webfinger"
      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
      - "traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.regex=^/.well-known/nodeinfo"
      - "traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.replacement=/nextcloud/index.php/.well-known/nodeinfo/"
      - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.regex=https://(.*)/.well-known/webfinger"
      - "traefik.http.middlewares.nextcloud-webfinger.redirectregex.replacement=https://$${1}/nextcloud/index.php/.well-known/webfinger"

#      - "traefik.http.middlewares.nextcloudHeader.headers.stsSeconds=15552000"
#      - "traefik.http.middlewares.nextcloudHeader.headers.stsIncludeSubdomains=true"
#      - "traefik.http.middlewares.nextcloudHeader.headers.stsPreload=true"
#      - "traefik.http.middlewares.nextcloudHeader.headers.forceSTSHeader=true"

#      - "traefik.http.routers.nextcloud.middlewares=error-pages-middleware, secHeaders@file, nextcloud_redirectregex, nextcloud-webfinger"
#      - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true"
#      - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex='https://(.*)/.well-known/(?:card|cal)dav'"
#      - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement='https://$${1}/remote.php/dav'"

  database:
    image: mariadb:11.4
#    image: mariadb
#    read_only: true
#    tmpfs:
#      - /tmp
#      - /var
#      - /run
#      - /docker-entrypoint-initdb.d
    restart: always
    hostname: nextcloud_db
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    deploy:
#      resources:
#        limits:
#          cpus: '0.3'
#          memory: 300m
      restart_policy:
        condition: on-failure
        max_attempts: 5
    volumes:
      - ./database:/var/lib/mysql:rw
    environment:
      - MYSQL_ROOT_PASSWORD=R1m@dmin
      - MYSQL_PASSWORD=R1m@dmin
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MARIADB_AUTO_UPGRADE=1
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=R1m@dmin
    networks:
      - traefik_default
    healthcheck:
      test: "/usr/bin/mysql --user=nextcloud --password=R1m@dmin --execute \"SHOW DATABASES;\""
    labels:
      - "io.portainer.accesscontrol.public"
  redis:
    image: "redis"
#    read_only: true
#    tmpfs:
#      - /tmp
#      - /var
#      - /run
    deploy:
#      resources:
#        limits:
#          cpus: '0.3'
#          memory: 150m
      restart_policy:
        condition: on-failure
        max_attempts: 5
    command: redis-server --save 60 1 --loglevel warning
    environment:
      - REDIS_OVERCOMMIT_MEMORY=1
      - REDIS_ARGS="--requirepass R1m@dmin --user redis on >password ~* allcommands --user default off nopass nocommands"
    hostname: redis
#    user: "linode"
    volumes:
      - ./data/redis:/data:rw
#      - ./config.yaml:/opt/doods/config.yaml
    restart: unless-stopped
    networks:
      - traefik_default
    labels:
      - "io.portainer.accesscontrol.public"

networks:
  traefik_default:
    external: true