diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..70ce64b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.env
+nextcloud/
diff --git a/README.md b/README.md
index 3b4558d..cc17424 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,27 @@ -# tpl.docker-compose +# Nextcloud +## Requirements + + * Docker + * docker-compose + +## Quick start + +1. Copy the examples and adapt as needed their content: + + ```sh + cp env.example .env + cp db.env.example db.env + ``` + +2. Start Nextcloud: + + ```sh + docker-compose up -d + ``` + +3. Add crontab entry: + + ``` + */5 * * * * docker exec -u www-data cloud_app_1 php cron.php + ```
diff --git a/db.env.example b/db.env.example
new file mode 100644
index 0000000..d3a5d66
--- /dev/null
+++ b/db.env.example
@@ -0,0 +1,4 @@
+POSTGRES_DB=nextcloud
+POSTGRES_PORT=5432
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..2bb13a2
--- /dev/null
+++ b/docker-compose.yml
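Review bot: In .gitignore, `postgres_data/` is missing. docker-compose.yml in this same commit bind-mounts `./postgres_data` alongside `./nextcloud/`, but only `nextcloud/` is ignored, so the database files stay visible to `git add`. Add the line `postgres_data/` after `nextcloud/`.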
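Review bot: In db.env.example, `POSTGRES_PASSWORD=postgres` is a working credential identical to the user name, and the README quick start only says to adapt the copies "as needed", so a deployment that copies the file unchanged runs with it. The same file is loaded into the `app` service through `env_file`, so this is also the password Nextcloud is handed. Ship `POSTGRES_PASSWORD=` empty instead; the official postgres image should then refuse to initialise a fresh data directory. Also state in the README that a unique value must be set before the first `docker-compose up`.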
@@ -0,0 +1,128 @@
+version: "3.8"
+
+networks:
+ internal:
+ internal: true
+ proxy_home:
+ external: true
+
+services:
+ memcache:
+ image: "redis:6.2-alpine"
+ restart: always
+ networks:
+ - internal
+ environment:
+ - REDIS_HOST=memcache
+
+ db:
+ image: "postgres:13.2-alpine"
+ restart: always
+ networks:
+ - internal
+ volumes:
+ - "./postgres_data:/var/lib/postgresql/data:rw"
+ env_file:
+ - ./db.env
+ environment:
+ - POSTGRES_HOST=db
+
+ app:
+ image: "nextcloud:21"
+ restart: always
+ networks:
+ - proxy_home
+ - internal
+ # NextCloud issues direct internet calls for plugins!
+ - default
+ depends_on:
+ - db
+ - memcache
+ volumes:
+ - "./nextcloud/:/var/www/html/:rw"
+ #- "./nextcloud/apps/:/var/www/html/custom_apps/:rw"
+ #- "./nextcloud/config/:/var/www/html/config/:rw"
+ #- "./nextcloud/data/:/var/www/html/data/:rw"
+ env_file:
+ - ./db.env
+ environment:
+ - POSTGRES_HOST=db
+ - REDIS_HOST=memcache
+ - APACHE_DISABLE_REWRITE_IP=1
+ - TRUSTED_PROXIES=${TRUSTED_PROXIES}
+ - OVERWRITEHOST=${FQDN_CLOUD}
+ - OVERWRITEPROTOCOL=https
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy_home"
+ - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+
+ # MIDDLEWARES
+ - "traefik.http.middlewares.append-slash.redirectregex.permanent=true"
+ - "traefik.http.middlewares.append-slash.redirectregex.regex=https://(.*)${DOMAIN_NAME}$$"
+ - "traefik.http.middlewares.append-slash.redirectregex.replacement=https://$${1}${DOMAIN_NAME}/"
+
+ - "traefik.http.middlewares.headers-same-origin.headers.customframeoptionsvalue=SAMEORIGIN"
+
+ # CalDAV / CardDAV
+ - "traefik.http.middlewares.nextcloud-dav.redirectregex.permanent=true"
+ - "traefik.http.middlewares.nextcloud-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
+ - "traefik.http.middlewares.nextcloud-dav.redirectregex.replacement=https://$${1}/remote.php/dav/"
+
+ # Priority goes from first in the list to last.
+ - "traefik.http.middlewares.nextcloud.chain.middlewares=headers-same-origin,headers-base@file,headers-sts@file,headers-policy-domain@file"
+
+ # Pico CMS redirect / rewrite rules
+ - "traefik.http.middlewares.sites-redirect.redirectregex.permanent=true"
+ - "traefik.http.middlewares.sites-redirect.redirectregex.regex=^https://${FQDN_SITES}/?$$"
+ - "traefik.http.middlewares.sites-redirect.redirectregex.replacement=https://${FQDN_HOME}/"
+
+ - "traefik.http.middlewares.sites-exceptions.replacepathregex.regex=^/apps/cms_pico/pico/(.*?/)?(custom_)?apps/(.*)$$"
+ - "traefik.http.middlewares.sites-exceptions.replacepathregex.replacement=/$${2}apps/$${3}"
+
+ - "traefik.http.middlewares.sites-path.replacepathregex.regex=^/(.*)$$"
+ - "traefik.http.middlewares.sites-path.replacepathregex.replacement=/apps/cms_pico/pico/$${1}"
+
+ - "traefik.http.middlewares.sites-home-path.replacepathregex.regex=^/(.*)$$"
+ - "traefik.http.middlewares.sites-home-path.replacepathregex.replacement=/apps/cms_pico/pico/home/$${1}"
+
+ - "traefik.http.middlewares.sites-blog-path.replacepathregex.regex=^/(.*)$$"
+ - "traefik.http.middlewares.sites-blog-path.replacepathregex.replacement=/apps/cms_pico/pico/blog/$${1}"
+
+ # Use a chain to guarantee ordering
+ - "traefik.http.middlewares.sites.chain.middlewares=sites-path,sites-exceptions"
+ - "traefik.http.middlewares.sites-home.chain.middlewares=sites-home-path,sites-exceptions"
+ - "traefik.http.middlewares.sites-blog.chain.middlewares=sites-blog-path,sites-exceptions"
+
+ # NextCloud
+ - "traefik.http.routers.nextcloud.service=nextcloud"
+ - "traefik.http.routers.nextcloud.entrypoints=web-secure"
+ - "traefik.http.routers.nextcloud.rule=(Host(`${FQDN_CLOUD}`) || Host(`${FQDN_DRIVE}`))"
+ - "traefik.http.routers.nextcloud.tls=true"
+ - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud-dav"
+
+ # Main site
+ - "traefik.http.routers.home.service=nextcloud"
+ - "traefik.http.routers.home.entrypoints=web-secure"
+ - "traefik.http.routers.home.rule=(Host(`${DOMAIN_NAME}`) || Host(`${FQDN_HOME}`))"
+ - "traefik.http.routers.home.tls=true"
+ - "traefik.http.routers.home.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.home.middlewares=nextcloud,append-slash,sites-home"
+
+ # Blog
+ - "traefik.http.routers.blog.service=nextcloud"
+ - "traefik.http.routers.blog.entrypoints=web-secure"
+ - "traefik.http.routers.blog.rule=Host(`${FQDN_BLOG}`)"
+ - "traefik.http.routers.blog.tls=true"
+ - "traefik.http.routers.blog.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.blog.middlewares=nextcloud,append-slash,sites-blog"
+
+ # Web sites
+ - "traefik.http.routers.sites.service=nextcloud"
+ - "traefik.http.routers.sites.entrypoints=web-secure"
+ - "traefik.http.routers.sites.rule=Host(`${FQDN_SITES}`)"
+ - "traefik.http.routers.sites.tls=true"
+ - "traefik.http.routers.sites.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.sites.middlewares=nextcloud,sites-redirect,sites"
+
diff --git a/env.example b/env.example
new file mode 100644
index 0000000..8b06523
--- /dev/null
+++ b/env.example
@@ -0,0 +1,7 @@
+FQDN_CLOUD=cloud.example.net
+FQDN_DRIVE=drive.example.net
+FQDN_SITES=sites.example.net
+FQDN_HOME=www.example.net
+FQDN_BLOG=blog.example.net
+DOMAIN_NAME=example.net
+TRUSTED_PROXIES=192.168.254.0/20
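Review bot: In docker-compose.yml the `memcache` service runs Redis with no password. Its only setting, `environment: - REDIS_HOST=memcache`, is presumably not read by the redis image (likewise `POSTGRES_HOST=db` on `db`), so both look like leftovers from the `app` block. The `internal: true` network limits reachability, but any container later attached to `internal` would get unauthenticated access to whatever Nextcloud keeps in Redis. Consider `command: redis-server --requirepass ${REDIS_PASSWORD}` on `memcache` and `- REDIS_HOST_PASSWORD=${REDIS_PASSWORD}` under the `app` environment. `REDIS_PASSWORD` would be a new `.env` entry; the name is a suggestion and is not defined on this page.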
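Review bot: In env.example, `TRUSTED_PROXIES=192.168.254.0/20` is not aligned to its prefix: the /20 containing 192.168.254.0 starts at 192.168.240.0. If the consumer masks the host bits, this trusts 4096 addresses (192.168.240.0 to 192.168.255.255); if it does not, the value may not match as intended. docker-compose.yml passes it unchanged to the `app` container, where it presumably decides whose forwarded client-IP headers are believed, which affects logging and login throttling. Prefer the narrowest value that covers the reverse proxy, e.g. `TRUSTED_PROXIES=<subnet of the proxy_home network>`, with a comment that it must match the Traefik side.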