git
e320ebd247
modified: nextcloud/docker-compose.yml modified: passbolt/docker-compose.yml modified: searxng/docker-compose.yml modified: traefik/docker-compose.yml
147 lines
5.4 KiB
YAML
147 lines
5.4 KiB
YAML
services:
|
|
webapp:
|
|
image: nextcloud:production
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
max_attempts: 5
|
|
restart: always
|
|
hostname: nextcloud.lan.ddnsgeek.com
|
|
volumes:
|
|
- ./data:/var/www/html/data:rw
|
|
- ./config:/var/www/html/config:rw
|
|
depends_on:
|
|
- database
|
|
- redis
|
|
environment:
|
|
- MYSQL_PASSWORD=R1m@dmin
|
|
- MYSQL_DATABASE=nextcloud
|
|
- MYSQL_USER=nextcloud
|
|
- MYSQL_HOST=nextcloud_db:3306
|
|
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.lan.ddnsgeek.com
|
|
- OVERWRITEPROTOCOL=https
|
|
- OVERWRITECLIURL=https://nextcloud.lan.ddnsgeek.com
|
|
|
|
- SMTP_HOST=smtp-mail.outlook.com
|
|
- SMTP_SECURE=tls
|
|
- SMTP_PORT=587
|
|
- SMTP_AUTHTYPE=login
|
|
- MAIL_FROM_ADDRESS=wayne.bennett@live.com
|
|
- MAIL_DOMAIN=live.com
|
|
- SMTP_NAME=wayne.bennett
|
|
- SMTP_PASSWORD=uscdbrjunqmkgglf
|
|
|
|
- REDIS_HOST=redis
|
|
- REDIS_HOST_PORT=6379
|
|
- REDIS_HOST_PASSWORD=${NEXTCLOUD_REDIS_PASSWORD}
|
|
networks:
|
|
- traefik_reverse_proxy
|
|
- internal
|
|
labels:
|
|
- "traefik.http.routers.nextcloud.rule=Host(`nextcloud.lan.ddnsgeek.com`)"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.nextcloud.entrypoints=websecure"
|
|
- "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
|
|
- "io.portainer.accesscontrol.public"
|
|
- "traefik.http.routers.nextcloud.middlewares=error-pages-middleware, nextcloud-dav, secHeaders@file, nextcloud-webfinger"
|
|
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
|
|
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
|
|
- "traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.regex=^/.well-known/nodeinfo"
|
|
- "traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.replacement=/nextcloud/index.php/.well-known/nodeinfo/"
|
|
- "traefik.http.middlewares.nextcloud-webfinger.redirectregex.permanent=true"
|
|
- "traefik.http.middlewares.nextcloud-webfinger.redirectregex.regex=https://(.*)/.well-known/webfinger"
|
|
- "traefik.http.middlewares.nextcloud-webfinger.redirectregex.replacement=https://$${1}/nextcloud/index.php/.well-known/webfinger"
|
|
- "traefik.docker.network=traefik_reverse_proxy"
|
|
# - "traefik.http.middlewares.nextcloudHeader.headers.stsSeconds=15552000"
|
|
# - "traefik.http.middlewares.nextcloudHeader.headers.stsIncludeSubdomains=true"
|
|
# - "traefik.http.middlewares.nextcloudHeader.headers.stsPreload=true"
|
|
# - "traefik.http.middlewares.nextcloudHeader.headers.forceSTSHeader=true"
|
|
|
|
# - "traefik.http.routers.nextcloud.middlewares=error-pages-middleware, secHeaders@file, nextcloud_redirectregex, nextcloud-webfinger"
|
|
# - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true"
|
|
# - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex='https://(.*)/.well-known/(?:card|cal)dav'"
|
|
# - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement='https://$${1}/remote.php/dav'"
|
|
|
|
# healthcheck:
|
|
# test: >
|
|
# CMD-SHELL
|
|
# php -r '$f=fsockopen("127.0.0.1",80,$e,$s,2); if(!$f) exit(1);
|
|
# fwrite($f,"GET /status.php HTTP/1.0\r\nHost: localhost\r\n\r\n");
|
|
# $o=""; while(!feof($f)){$o.=fgets($f,128);} fclose($f);
|
|
# if(strpos($o,"\"installed\":true")===false) exit(1);'
|
|
# test: "curl -fsS http://127.0.0.1/status.php | grep -q '\"installed\":true'"
|
|
# test: >
|
|
# CMD-SHELL
|
|
# 'c=$(curl -fsS -o /dev/null -w "%{http_code}" http://127.0.0.1/status.php) \
|
|
# && [ "$c" -ge 200 ] && [ "$c" -lt 400 ] \
|
|
# && curl -fsS http://127.0.0.1/status.php | grep -q "\"installed\":true"'
|
|
# interval: 15s
|
|
# timeout: 5s
|
|
# retries: 10
|
|
# start_period: 120s
|
|
|
|
|
|
|
|
|
|
database:
|
|
image: mariadb:12
|
|
restart: always
|
|
hostname: nextcloud_db
|
|
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
max_attempts: 5
|
|
volumes:
|
|
- ./database:/var/lib/mysql:rw
|
|
environment:
|
|
- MYSQL_ROOT_PASSWORD=R1m@dmin
|
|
- MYSQL_PASSWORD=R1m@dmin
|
|
- MYSQL_DATABASE=nextcloud
|
|
- MYSQL_USER=nextcloud
|
|
- MARIADB_AUTO_UPGRADE=1
|
|
- NEXTCLOUD_ADMIN_USER=admin
|
|
- NEXTCLOUD_ADMIN_PASSWORD=R1m@dmin
|
|
networks:
|
|
- internal
|
|
# healthcheck:
|
|
# test: "/usr/bin/mysql --user=nextcloud --password=R1m@dmin --execute \"SHOW DATABASES;\""
|
|
labels:
|
|
- "io.portainer.accesscontrol.public"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -u\"$$MARIADB_USER\" -p\"$$MARIADB_PASSWORD\" --silent"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 12
|
|
start_period: 60s
|
|
|
|
|
|
redis:
|
|
image: "redis"
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
max_attempts: 5
|
|
command: ["redis-server", "--requirepass", "${NEXTCLOUD_REDIS_PASSWORD}", "--appendonly", "yes", "--save", "60", "1000"]
|
|
hostname: redis
|
|
volumes:
|
|
- ./data/redis:/data:rw
|
|
restart: unless-stopped
|
|
networks:
|
|
- internal
|
|
labels:
|
|
- "io.portainer.accesscontrol.public"
|
|
# healthcheck:
|
|
# test: ["CMD-SHELL", "redis-cli -a $$NEXTCLOUD_REDIS_PASSWORD PING | grep -q PONG"]
|
|
# interval: 10s
|
|
# timeout: 5s
|
|
# retries: 6
|
|
# start_period: 10s
|
|
|
|
|
|
networks:
|
|
traefik_reverse_proxy:
|
|
external: true
|
|
internal:
|
|
driver: bridge
|